CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (Directory Traversal)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-1231 22 Dir. Trav. 2016-01-12 2016-01-21
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
2 CVE-2016-1145 Dir. Trav. 2016-01-30 2016-01-30
0.0
None ??? ??? ??? ??? ??? ???
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
3 CVE-2016-0855 22 Dir. Trav. 2016-01-14 2016-01-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
4 CVE-2015-8770 Exec Code Dir. Trav. 2016-01-29 2016-01-29
0.0
None ??? ??? ??? ??? ??? ???
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
5 CVE-2015-8565 22 Dir. Trav. 2015-12-16 2015-12-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
6 CVE-2015-8564 22 Dir. Trav. 2015-12-16 2015-12-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
7 CVE-2015-8358 22 Dir. Trav. 2015-12-16 2015-12-17
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
8 CVE-2015-8357 22 DoS Dir. Trav. +Info 2015-12-16 2015-12-17
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
9 CVE-2015-8228 22 Dir. Trav. 2015-11-24 2015-11-25
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.
10 CVE-2015-7907 22 Dir. Trav. Bypass 2015-12-21 2015-12-22
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
11 CVE-2015-7820 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
12 CVE-2015-7817 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
13 CVE-2015-7815 22 Dir. Trav. 2015-11-16 2015-11-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
14 CVE-2015-7603 22 Dir. Trav. 2015-09-29 2015-09-30
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
15 CVE-2015-7602 22 Dir. Trav. 2015-09-29 2015-10-13
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
16 CVE-2015-7601 22 Dir. Trav. 2015-09-29 2015-09-30
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
17 CVE-2015-7372 22 Dir. Trav. 2015-10-14 2015-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
18 CVE-2015-7254 22 Dir. Trav. 2015-11-06 2015-11-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
19 CVE-2015-7250 22 Dir. Trav. 2015-12-30 2015-12-30
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
20 CVE-2015-7237 22 Dir. Trav. +Info 2015-09-18 2015-09-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
21 CVE-2015-7037 22 Dir. Trav. 2015-12-11 2015-12-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
22 CVE-2015-7006 22 Exec Code Dir. Trav. 2015-10-23 2015-10-26
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
23 CVE-2015-6914 22 Dir. Trav. 2015-09-11 2015-09-14
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.
24 CVE-2015-6852 200 Dir. Trav. +Info 2015-12-28 2015-12-29
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
25 CVE-2015-6833 22 Dir. Trav. 2016-01-19 2016-01-22
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
26 CVE-2015-6500 22 DoS Dir. Trav. 2015-10-26 2015-10-28
7.5
None Remote Low Single system Partial None Complete
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
27 CVE-2015-6459 22 Dir. Trav. 2015-09-18 2015-09-23
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
28 CVE-2015-6406 22 Dir. Trav. 2015-12-12 2015-12-14
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
29 CVE-2015-6003 Dir. Trav. 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
30 CVE-2015-5766 22 Dir. Trav. 2015-08-16 2015-08-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
31 CVE-2015-5688 22 Dir. Trav. 2015-09-04 2015-09-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
32 CVE-2015-5650 22 Dir. Trav. 2015-10-05 2015-10-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.
33 CVE-2015-5638 22 Dir. Trav. 2015-09-20 2015-09-23
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
34 CVE-2015-5531 22 Dir. Trav. 2015-08-17 2015-08-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
35 CVE-2015-5482 22 Dir. Trav. 2015-08-18 2015-08-19
4.0
None Remote Low Single system None None Partial
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
36 CVE-2015-5472 22 Dir. Trav. 2015-09-15 2015-09-16
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
37 CVE-2015-5471 22 Dir. Trav. 2016-01-12 2016-01-20
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
38 CVE-2015-5353 22 Dir. Trav. 2015-07-01 2015-07-02
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
39 CVE-2015-5322 22 Dir. Trav. 2015-11-25 2016-02-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in CloudBees Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
40 CVE-2015-5305 22 Dir. Trav. 2015-11-06 2015-11-09
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
41 CVE-2015-5199 22 +Priv Dir. Trav. 2015-09-08 2015-09-09
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
42 CVE-2015-5149 22 Dir. Trav. 2015-06-30 2015-07-01
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
43 CVE-2015-5065 22 Dir. Trav. 2015-06-24 2015-06-24
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
44 CVE-2015-4988 22 Dir. Trav. 2016-01-18 2016-01-21
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
45 CVE-2015-4716 22 Exec Code Dir. Trav. 2015-10-21 2015-10-22
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
46 CVE-2015-4703 22 Dir. Trav. 2016-01-12 2016-01-20
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.
47 CVE-2015-4694 22 Dir. Trav. 2016-01-08 2016-01-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
48 CVE-2015-4670 22 Dir. Trav. 2015-08-18 2015-08-20
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
49 CVE-2015-4666 22 Dir. Trav. 2015-08-13 2015-08-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
50 CVE-2015-4641 22 Exec Code Dir. Trav. 2015-06-19 2015-06-22
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
Total number of vulnerabilities: 2946 (page 1 of 59)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.