Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
Max CVSS
10.0
EPSS Score
17.70%
Published
2014-12-16
Updated
2014-12-17
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.
Max CVSS
6.4
EPSS Score
2.14%
Published
2014-12-16
Updated
2015-02-17
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Max CVSS
6.4
EPSS Score
0.27%
Published
2014-12-16
Updated
2018-10-09
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.
Max CVSS
6.5
EPSS Score
1.29%
Published
2014-11-30
Updated
2018-10-30
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.
Max CVSS
6.2
EPSS Score
0.06%
Published
2014-11-17
Updated
2017-09-08
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Max CVSS
10.0
EPSS Score
0.85%
Published
2014-10-31
Updated
2018-10-09
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
Max CVSS
7.5
EPSS Score
94.62%
Published
2014-12-10
Updated
2019-07-15
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
Max CVSS
7.5
EPSS Score
3.23%
Published
2014-10-08
Updated
2017-09-08

CVE-2014-6037

Public exploit
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
Max CVSS
7.5
EPSS Score
96.59%
Published
2014-10-26
Updated
2020-03-26
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
Max CVSS
6.4
EPSS Score
95.43%
Published
2014-12-04
Updated
2019-07-15
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Max CVSS
7.5
EPSS Score
95.17%
Published
2014-12-04
Updated
2014-12-05
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.
Max CVSS
7.8
EPSS Score
1.07%
Published
2014-12-16
Updated
2014-12-17
Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors.
Max CVSS
6.4
EPSS Score
0.32%
Published
2014-09-26
Updated
2015-07-29
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Max CVSS
6.4
EPSS Score
96.04%
Published
2014-08-01
Updated
2024-03-21
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
Max CVSS
7.5
EPSS Score
90.22%
Published
2014-10-21
Updated
2020-01-17

CVE-2014-5005

Public exploit
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
Max CVSS
7.5
EPSS Score
97.22%
Published
2014-10-21
Updated
2020-01-17
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
Max CVSS
6.8
EPSS Score
0.75%
Published
2014-08-20
Updated
2014-08-21

CVE-2014-4877

Public exploit
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Max CVSS
9.3
EPSS Score
7.82%
Published
2014-10-29
Updated
2017-02-17
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Max CVSS
6.4
EPSS Score
0.13%
Published
2014-06-20
Updated
2014-06-23

CVE-2014-3914

Public exploit
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Max CVSS
10.0
EPSS Score
97.05%
Published
2014-08-07
Updated
2014-08-07
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
Max CVSS
6.4
EPSS Score
17.16%
Published
2014-05-30
Updated
2017-12-29
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
Max CVSS
6.4
EPSS Score
0.85%
Published
2014-05-30
Updated
2017-12-29
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
Max CVSS
6.4
EPSS Score
0.32%
Published
2014-10-29
Updated
2014-11-20
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
Max CVSS
6.8
EPSS Score
27.38%
Published
2014-05-20
Updated
2021-04-13
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
Max CVSS
6.8
EPSS Score
0.18%
Published
2014-07-14
Updated
2017-08-29
77 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!