Search Results (9560 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1798 2 Kubevirt, Redhat 2 Kubevirt, Container Native Virtualization 2025-04-21 8.7 High
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
CVE-2016-7552 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVE-2016-4313 1 Extplorer 1 Extplorer 2025-04-20 N/A
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
CVE-2015-7780 1 Zohocorp 1 Manageengine Firewall Analyzer 2025-04-20 N/A
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
CVE-2016-7842 1 Hibara 1 Attachecase 2025-04-20 N/A
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
CVE-2016-9364 1 Fidelex 4 Fx-2030a-basic Controller, Fx-2030a-basic Firmware, Fx-2030a Controller and 1 more 2025-04-20 N/A
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server.
CVE-2016-9357 1 Eaton 10 Eamaxx Series Epdu, Eamaxx Series Epdu Firmware, Eamxxx Series Epdu and 7 more 2025-04-20 N/A
An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal).
CVE-2014-9983 1 Rarlab 1 Rar 2025-04-20 N/A
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
CVE-2015-0269 1 Contao 1 Contao Cms 2025-04-20 N/A
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
CVE-2016-4986 1 Jenkins 1 Tap 2025-04-20 7.5 High
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
CVE-2016-10397 1 Php 1 Php 2025-04-20 N/A
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
CVE-2015-5473 1 Samsung 1 Syncthru 6 2025-04-20 N/A
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
CVE-2016-7802 1 Cybozu 1 Garoon 2025-04-20 N/A
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2015-5468 1 Wpshopstyling 1 Wp E-commerce Shop Styling 2025-04-20 N/A
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
CVE-2016-8211 1 Dell 1 Emc Data Protection Advisor 2025-04-20 7.5 High
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2014-3702 1 Redhat 1 Edeploy 2025-04-20 N/A
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.
CVE-2016-4987 1 Jenkins 1 Image Gallery 2025-04-20 6.5 Medium
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
CVE-2016-6517 1 Liferay 1 Liferay 2025-04-20 N/A
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
CVE-2016-6269 1 Trendmicro 1 Smart Protection Server 2025-04-20 9.1 Critical
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
CVE-2016-9351 1 Advantech 1 Susiaccess 2025-04-20 N/A
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.