Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Source: MITRE
Max CVSS
5.0
EPSS Score
2.63%
Published
2013-12-20
Updated
2017-08-29

CVE-2013-7091

Public exploit
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
Source: MITRE
Max CVSS
5.0
EPSS Score
97.34%
Published
2013-12-13
Updated
2020-06-04
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.81%
Published
2013-12-31
Updated
2017-08-29
Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.28%
Published
2013-11-23
Updated
2013-11-27
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.25%
Published
2013-11-20
Updated
2013-11-21
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.35%
Published
2013-11-20
Updated
2018-12-10
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Source: Cisco Systems, Inc.
Max CVSS
6.3
EPSS Score
0.09%
Published
2013-11-18
Updated
2013-11-19
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.
Source: Red Hat, Inc.
Max CVSS
4.3
EPSS Score
52.82%
Published
2013-12-07
Updated
2023-02-13
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors.
Source: MITRE
Max CVSS
8.5
EPSS Score
0.89%
Published
2013-11-14
Updated
2017-08-29
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.
Source: Dell
Max CVSS
3.5
EPSS Score
0.16%
Published
2013-11-21
Updated
2015-07-22
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
Source: ICS-CERT
Max CVSS
5.8
EPSS Score
24.50%
Published
2013-10-25
Updated
2013-10-28
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
Source: ICS-CERT
Max CVSS
5.8
EPSS Score
0.49%
Published
2013-10-25
Updated
2013-10-28
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
Source: CERT/CC
Max CVSS
7.8
EPSS Score
15.20%
Published
2013-11-02
Updated
2016-03-31
Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request.
Source: JPCERT/CC
Max CVSS
5.0
EPSS Score
0.35%
Published
2013-12-05
Updated
2014-02-25
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
Source: MITRE
Max CVSS
5.0
EPSS Score
7.98%
Published
2013-10-02
Updated
2018-08-13
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.57%
Published
2013-09-16
Updated
2017-08-29
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
Source: MITRE
Max CVSS
8.5
EPSS Score
0.30%
Published
2013-09-30
Updated
2013-10-01
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.15%
Published
2013-11-05
Updated
2013-11-06
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.31%
Published
2013-08-29
Updated
2013-08-30
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
Source: Cisco Systems, Inc.
Max CVSS
7.5
EPSS Score
1.41%
Published
2013-11-08
Updated
2013-11-08
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
Source: Cisco Systems, Inc.
Max CVSS
4.0
EPSS Score
0.09%
Published
2013-10-19
Updated
2013-10-21
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Source: Cisco Systems, Inc.
Max CVSS
4.0
EPSS Score
0.72%
Published
2013-10-11
Updated
2017-01-04

CVE-2013-5486

Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Source: Cisco Systems, Inc.
Max CVSS
10.0
EPSS Score
97.13%
Published
2013-09-23
Updated
2016-09-16
Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.41%
Published
2013-08-16
Updated
2017-08-29
Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd.
Source: MITRE
Max CVSS
3.3
EPSS Score
0.36%
Published
2013-12-30
Updated
2013-12-30
111 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!