Total
7155 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9275 | 1 Arc Project | 1 Arc | 2024-11-21 | N/A |
| ARC 5.21q allows directory traversal via a full pathname in an archive file. | ||||
| CVE-2015-9266 | 2 Ubnt, Ui | 23 Airos 4 Xs2, Airos 4 Xs5, Edgeswitch Xp Firmware and 20 more | 2024-11-21 | N/A |
| The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. | ||||
| CVE-2015-9250 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. | ||||
| CVE-2015-8535 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-7851 | 1 Ntp | 1 Ntp | 2024-11-21 | 6.5 Medium |
| Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | ||||
| CVE-2015-6591 | 1 Freereprintables | 1 Articlefr | 2024-11-21 | 5.5 Medium |
| Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter. | ||||
| CVE-2015-6589 | 1 Kaseya | 1 Virtual System Administrator | 2024-11-21 | 8.8 High |
| Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | ||||
| CVE-2015-5952 | 1 Thomsonreuters | 1 Fatca | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter. | ||||
| CVE-2015-5467 | 1 Yiiframework | 1 Yii | 2024-11-21 | 9.8 Critical |
| web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | ||||
| CVE-2015-5079 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A |
| Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. | ||||
| CVE-2015-4632 | 1 Koha | 1 Koha | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. | ||||
| CVE-2015-4617 | 1 Easy2map | 1 Easy2map-photos | 2024-11-21 | N/A |
| Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. | ||||
| CVE-2015-4461 | 1 Efrontlearning | 1 Efront | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter. | ||||
| CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. | ||||
| CVE-2015-3151 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | ||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 7.5 High |
| The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | ||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 7.5 High |
| The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | ||||
| CVE-2015-2060 | 2 Cabextract Project, Linux | 2 Cabextract, Linux Kernel | 2024-11-21 | 5.3 Medium |
| cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. | ||||
| CVE-2015-1503 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | ||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2024-11-21 | 7.5 High |
| A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | ||||