CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3986 352 Dir. Trav. CSRF 2015-05-14 2015-05-15
4.3
None Remote Medium Not required Partial None None
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
2 CVE-2015-3337 22 Dir. Trav. 2015-05-01 2015-05-13
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
3 CVE-2015-3301 22 Dir. Trav. 2015-05-14 2015-05-15
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
4 CVE-2015-3035 22 Dir. Trav. 2015-04-21 2015-04-23
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
5 CVE-2015-2775 22 Dir. Trav. 2015-04-13 2015-04-17
7.6
None Remote High Not required Complete Complete Complete
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
6 CVE-2015-2304 22 Dir. Trav. 2015-03-15 2015-04-01
6.4
None Remote Low Not required None Partial Partial
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
7 CVE-2015-2243 22 Dir. Trav. 2015-03-09 2015-03-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php.
8 CVE-2015-2166 22 Dir. Trav. 2015-04-06 2015-04-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
9 CVE-2015-2071 22 1 Dir. Trav. 2015-02-24 2015-02-25
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
10 CVE-2015-2067 22 1 Dir. Trav. 2015-02-24 2015-02-25
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
11 CVE-2015-1589 22 Dir. Trav. 2015-02-23 2015-02-24
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file.
12 CVE-2015-1579 22 1 Dir. Trav. 2015-02-11 2015-02-12
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
13 CVE-2015-1577 22 1 Dir. Trav. 2015-02-11 2015-02-12
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
14 CVE-2015-1398 22 Exec Code Dir. Trav. 2015-04-29 2015-05-11
6.5
None Remote Low Single system Partial Partial Partial
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involving a block value in the ___directive parameter to the Cms_Wysiwyg controller in the Adminhtml module, related to the blockDirective function and the auto loading mechanism. NOTE: vector 2 might not cross privilege boundaries, since administrators might already have the privileges to execute code and upload files.
15 CVE-2015-1365 22 1 Dir. Trav. 2015-01-27 2015-01-29
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
16 CVE-2015-1322 22 Dir. Trav. 2015-04-29 2015-04-30
4.6
None Local Low Not required Partial Partial Partial
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or ready arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
17 CVE-2015-1195 22 Dir. Trav. 2015-01-21 2015-01-25
6.5
None Remote Low Single system Partial Partial Partial
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
18 CVE-2015-1193 22 Dir. Trav. 2015-01-21 2015-01-23
5.0
None Remote Low Not required None Partial None
Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
19 CVE-2015-1192 22 Dir. Trav. 2015-01-21 2015-01-23
5.0
None Remote Low Not required None Partial None
Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.
20 CVE-2015-1191 22 Dir. Trav. 2015-01-21 2015-01-23
5.0
None Remote Low Not required None Partial None
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
21 CVE-2015-1087 22 Dir. Trav. 2015-04-10 2015-04-14
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
22 CVE-2015-0984 22 Dir. Trav. 2015-03-30 2015-04-29
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.
23 CVE-2015-0933 22 Dir. Trav. 2015-03-03 2015-03-04
3.5
None Remote Medium Single system Partial None None
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
24 CVE-2015-0911 22 Dir. Trav. 2015-04-23 2015-04-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling.
25 CVE-2015-0906 22 Dir. Trav. 2015-04-15 2015-04-15
5.8
None Remote Medium Not required None Partial Partial
Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.
26 CVE-2015-0878 22 Dir. Trav. 2015-02-20 2015-02-20
5.8
None Remote Medium Not required None Partial Partial
Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment.
27 CVE-2015-0867 22 Dir. Trav. 2015-01-21 2015-01-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename.
28 CVE-2015-0666 22 Dir. Trav. 2015-04-03 2015-04-09
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
29 CVE-2015-0665 22 Dir. Trav. 2015-03-16 2015-03-23
6.6
None Local Low Not required None Complete Complete
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
30 CVE-2015-0557 22 Dir. Trav. 2015-04-08 2015-05-11
5.8
None Remote Medium Not required None Partial Partial
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
31 CVE-2015-0556 59 Dir. Trav. 2015-04-08 2015-05-11
5.8
None Remote Medium Not required None Partial Partial
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
32 CVE-2015-0552 22 Dir. Trav. 2015-01-15 2015-02-17
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
33 CVE-2015-0516 22 Dir. Trav. 2015-01-21 2015-03-24
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
34 CVE-2015-0171 Dir. Trav. 2015-05-25 2015-05-25
0.0
None ??? ??? ??? ??? ??? ???
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
35 CVE-2015-0016 22 1 +Priv Dir. Trav. 2015-01-13 2015-02-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
36 CVE-2014-10037 22 1 Dir. Trav. 2015-01-13 2015-01-14
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
37 CVE-2014-10010 22 1 Dir. Trav. 2015-01-13 2015-01-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
38 CVE-2014-9707 17 DoS Exec Code Overflow Dir. Trav. 2015-03-31 2015-05-11
7.5
None Remote Low Not required Partial Partial Partial
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
39 CVE-2014-9581 22 1 Dir. Trav. 2015-01-08 2015-01-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
40 CVE-2014-9574 22 Dir. Trav. 2015-02-03 2015-02-03
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.
41 CVE-2014-9461 22 Dir. Trav. 2015-01-02 2015-01-05
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.
42 CVE-2014-9452 22 Dir. Trav. 2015-01-02 2015-01-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/.
43 CVE-2014-9447 22 Dir. Trav. 2015-01-02 2015-04-17
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
44 CVE-2014-9436 22 1 Dir. Trav. 2015-01-02 2015-01-05
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
45 CVE-2014-9389 22 Dir. Trav. 2015-01-05 2015-01-06
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
46 CVE-2014-9375 22 Dir. Trav. 2015-02-16 2015-02-17
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.
47 CVE-2014-9373 22 Exec Code Dir. Trav. 2014-12-16 2014-12-17
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
48 CVE-2014-9372 22 Dir. Trav. 2014-12-16 2015-02-17
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.
49 CVE-2014-9282 22 Dir. Trav. 2015-02-24 2015-02-25
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.
50 CVE-2014-9261 22 1 Dir. Trav. 2015-03-23 2015-03-24
5.0
None Remote Low Not required Partial None None
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
Total number of vulnerabilities : 2851   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.