# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2015-8565 |
22 |
|
Dir. Trav. |
2015-12-16 |
2015-12-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. |
2 |
CVE-2015-8564 |
22 |
|
Dir. Trav. |
2015-12-16 |
2015-12-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. |
3 |
CVE-2015-8358 |
22 |
|
Dir. Trav. |
2015-12-16 |
2018-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. |
4 |
CVE-2015-8357 |
22 |
|
DoS Dir. Trav. +Info |
2015-12-16 |
2018-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. |
5 |
CVE-2015-8228 |
22 |
|
Dir. Trav. |
2015-11-24 |
2015-11-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. |
6 |
CVE-2015-7907 |
22 |
|
Dir. Trav. Bypass |
2015-12-21 |
2015-12-22 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. |
7 |
CVE-2015-7820 |
362 |
|
Dir. Trav. |
2015-11-12 |
2015-11-12 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. |
8 |
CVE-2015-7817 |
362 |
|
Dir. Trav. |
2015-11-12 |
2015-11-12 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. |
9 |
CVE-2015-7815 |
22 |
|
Dir. Trav. |
2015-11-16 |
2019-11-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. |
10 |
CVE-2015-7683 |
22 |
|
Dir. Trav. |
2015-10-16 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. |
11 |
CVE-2015-7603 |
22 |
|
Dir. Trav. |
2015-09-29 |
2015-09-30 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. |
12 |
CVE-2015-7602 |
22 |
|
Dir. Trav. |
2015-09-29 |
2015-10-13 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. |
13 |
CVE-2015-7601 |
22 |
|
Dir. Trav. |
2015-09-29 |
2017-11-07 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. |
14 |
CVE-2015-7372 |
22 |
|
Dir. Trav. |
2015-10-14 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter. |
15 |
CVE-2015-7254 |
22 |
|
Dir. Trav. |
2015-11-07 |
2018-12-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. |
16 |
CVE-2015-7250 |
22 |
|
Dir. Trav. |
2015-12-30 |
2017-09-13 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. |
17 |
CVE-2015-7237 |
22 |
|
Dir. Trav. +Info |
2015-09-18 |
2015-09-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. |
18 |
CVE-2015-7037 |
22 |
|
Dir. Trav. |
2015-12-11 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. |
19 |
CVE-2015-7006 |
22 |
|
Exec Code Dir. Trav. |
2015-10-23 |
2016-12-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. |
20 |
CVE-2015-6914 |
22 |
|
Dir. Trav. |
2015-09-11 |
2015-09-14 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx. |
21 |
CVE-2015-6852 |
200 |
|
Dir. Trav. +Info |
2015-12-28 |
2016-12-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. |
22 |
CVE-2015-6500 |
22 |
|
DoS Dir. Trav. |
2015-10-26 |
2017-11-04 |
7.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Complete |
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. |
23 |
CVE-2015-6459 |
22 |
|
Dir. Trav. |
2015-09-18 |
2015-09-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. |
24 |
CVE-2015-6406 |
22 |
|
Dir. Trav. |
2015-12-13 |
2016-12-07 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. |
25 |
CVE-2015-6003 |
22 |
|
Dir. Trav. |
2015-10-16 |
2016-12-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. |
26 |
CVE-2015-5766 |
22 |
|
Dir. Trav. |
2015-08-17 |
2016-12-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. |
27 |
CVE-2015-5688 |
22 |
|
Dir. Trav. |
2015-09-04 |
2015-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. |
28 |
CVE-2015-5662 |
22 |
|
Dir. Trav. |
2015-10-18 |
2016-12-08 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. |
29 |
CVE-2015-5650 |
22 |
|
Dir. Trav. |
2015-10-06 |
2015-10-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. |
30 |
CVE-2015-5638 |
22 |
|
Dir. Trav. |
2015-09-20 |
2015-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. |
31 |
CVE-2015-5531 |
22 |
|
Dir. Trav. |
2015-08-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. |
32 |
CVE-2015-5482 |
22 |
|
Dir. Trav. |
2015-08-18 |
2016-12-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. |
33 |
CVE-2015-5472 |
22 |
|
Dir. Trav. |
2015-09-15 |
2015-09-16 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. |
34 |
CVE-2015-5353 |
22 |
|
Dir. Trav. |
2015-07-01 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. |
35 |
CVE-2015-5322 |
22 |
|
Dir. Trav. |
2015-11-25 |
2019-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. |
36 |
CVE-2015-5305 |
22 |
|
Dir. Trav. |
2015-11-06 |
2023-02-02 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal. |
37 |
CVE-2015-5199 |
22 |
|
+Priv Dir. Trav. |
2015-09-08 |
2016-12-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. |
38 |
CVE-2015-5149 |
22 |
|
Dir. Trav. |
2015-06-30 |
2016-12-07 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. |
39 |
CVE-2015-5065 |
22 |
|
Dir. Trav. |
2015-06-24 |
2019-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter. |
40 |
CVE-2015-4716 |
22 |
|
Exec Code Dir. Trav. |
2015-10-21 |
2016-12-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. |
41 |
CVE-2015-4670 |
22 |
|
Dir. Trav. |
2015-08-18 |
2018-10-09 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd. |
42 |
CVE-2015-4666 |
22 |
|
Dir. Trav. |
2015-08-13 |
2018-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. |
43 |
CVE-2015-4641 |
22 |
|
Exec Code Dir. Trav. |
2015-06-19 |
2016-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. |
44 |
CVE-2015-4616 |
22 |
|
Dir. Trav. |
2015-07-08 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter. |
45 |
CVE-2015-4546 |
22 |
|
Dir. Trav. |
2015-10-02 |
2016-12-08 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. |
46 |
CVE-2015-4527 |
200 |
|
Dir. Trav. +Info |
2015-07-23 |
2015-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. |
47 |
CVE-2015-4425 |
22 |
|
Dir. Trav. |
2015-08-18 |
2015-08-19 |
4.9 |
None |
Remote |
Medium |
??? |
None |
Partial |
Partial |
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. |
48 |
CVE-2015-4415 |
22 |
|
Dir. Trav. |
2015-06-10 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/. |
49 |
CVE-2015-4414 |
22 |
|
Dir. Trav. |
2015-06-17 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
50 |
CVE-2015-4289 |
22 |
|
Dir. Trav. |
2015-08-01 |
2015-09-03 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. |