CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-9373 22 Exec Code Dir. Trav. 2014-12-16 2014-12-17
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
2 CVE-2014-9372 22 Dir. Trav. 2014-12-16 2014-12-17
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.
3 CVE-2014-9238 22 Dir. Trav. 2014-12-03 2014-12-05
5.0
None Remote Low Not required Partial None None
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.
4 CVE-2014-9234 22 Dir. Trav. 2014-12-03 2014-12-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
5 CVE-2014-9181 22 Dir. Trav. 2014-12-02 2014-12-02
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
6 CVE-2014-9155 22 Dir. Trav. 2014-12-01 2014-12-05
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
7 CVE-2014-8961 22 Dir. Trav. +Info 2014-11-30 2014-12-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.
8 CVE-2014-8959 22 Dir. Trav. 2014-11-30 2014-12-17
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.
9 CVE-2014-8801 22 1 Dir. Trav. 2014-11-28 2014-11-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
10 CVE-2014-8799 22 1 Dir. Trav. 2014-11-28 2014-11-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
11 CVE-2014-8737 22 Dir. Trav. 2014-12-09 2014-12-10
3.6
None Local Low Not required None Partial Partial
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
12 CVE-2014-8727 22 1 Dir. Trav. 2014-11-17 2014-11-20
6.2
None Local Low Single system None Complete Complete
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.
13 CVE-2014-8659 22 Dir. Trav. 2014-11-06 2014-11-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
14 CVE-2014-8585 59 Dir. Trav. 2014-11-04 2014-11-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
15 CVE-2014-8555 22 1 Dir. Trav. 2014-11-12 2014-11-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
16 CVE-2014-7985 22 Dir. Trav. 2014-10-31 2014-11-03
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
17 CVE-2014-7866 22 Dir. Trav. 2014-12-10 2014-12-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
18 CVE-2014-7829 22 Dir. Trav. 2014-11-18 2014-12-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.
19 CVE-2014-7819 22 Dir. Trav. 2014-11-08 2014-12-02
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
20 CVE-2014-7818 22 Dir. Trav. 2014-11-08 2014-12-02
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
21 CVE-2014-7816 22 Dir. Trav. 2014-12-01 2014-12-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
22 CVE-2014-6394 22 Dir. Trav. 2014-10-08 2014-10-09
7.5
None Remote Low Not required Partial Partial Partial
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
23 CVE-2014-6308 22 Dir. Trav. 2014-10-20 2014-10-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
24 CVE-2014-6182 22 Dir. Trav. 2014-12-16 2014-12-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
25 CVE-2014-6149 22 Dir. Trav. 2014-10-29 2014-11-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
26 CVE-2014-6095 22 Dir. Trav. 2014-11-17 2014-11-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
27 CVE-2014-6037 22 1 Exec Code Dir. Trav. 2014-10-26 2014-12-06
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root.
28 CVE-2014-6036 22 Dir. Trav. 2014-12-04 2014-12-05
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
29 CVE-2014-6035 22 Dir. Trav. 2014-12-04 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
30 CVE-2014-6034 22 Dir. Trav. 2014-12-04 2014-12-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
31 CVE-2014-5465 22 1 Dir. Trav. 2014-09-03 2014-09-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
32 CVE-2014-5446 22 Dir. Trav. 2014-12-04 2014-12-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
33 CVE-2014-5445 22 Dir. Trav. 2014-12-04 2014-12-05
5.0
None Remote Low Not required Partial None None
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
34 CVE-2014-5393 22 Dir. Trav. 2014-09-11 2014-09-11
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
35 CVE-2014-5368 22 Dir. Trav. 2014-08-22 2014-08-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
36 CVE-2014-5359 22 Dir. Trav. 2014-12-16 2014-12-17
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.
37 CVE-2014-5350 22 Dir. Trav. 2014-08-19 2014-08-20
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
38 CVE-2014-5319 22 Dir. Trav. 2014-09-26 2014-10-14
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors.
39 CVE-2014-5258 22 Dir. Trav. 2014-11-06 2014-11-07
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
40 CVE-2014-5197 22 Dir. Trav. 2014-08-12 2014-08-13
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
41 CVE-2014-5187 22 Dir. Trav. 2014-08-06 2014-08-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
42 CVE-2014-5181 22 Dir. Trav. 2014-08-06 2014-08-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
43 CVE-2014-5160 22 Dir. Trav. 2014-08-01 2014-08-01
6.4
None Remote Low Not required None Partial Partial
** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."
44 CVE-2014-5115 22 1 Dir. Trav. 2014-07-29 2014-08-27
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
45 CVE-2014-5111 22 Dir. Trav. 2014-07-28 2014-07-29
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
46 CVE-2014-5006 22 1 Exec Code Dir. Trav. 2014-10-21 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
47 CVE-2014-5005 22 1 Exec Code Dir. Trav. 2014-10-21 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
48 CVE-2014-4941 22 Dir. Trav. 2014-07-11 2014-07-14
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
49 CVE-2014-4940 22 Dir. Trav. 2014-07-11 2014-07-14
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
50 CVE-2014-4937 22 Dir. Trav. 2014-07-11 2014-07-14
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Total number of vulnerabilities : 198   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.