Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-16
Updated
2015-12-17
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-16
Updated
2015-12-17
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
Max CVSS
9.0
EPSS Score
2.67%
Published
2015-12-16
Updated
2018-10-09
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
Max CVSS
6.5
EPSS Score
2.42%
Published
2015-12-16
Updated
2018-10-09
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.14%
Published
2015-11-24
Updated
2015-11-25
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
Max CVSS
8.6
EPSS Score
0.15%
Published
2015-12-21
Updated
2015-12-22
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
Max CVSS
7.1
EPSS Score
27.21%
Published
2015-11-12
Updated
2015-11-12
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
Max CVSS
7.1
EPSS Score
27.21%
Published
2015-11-12
Updated
2015-11-12
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
Max CVSS
7.5
EPSS Score
2.31%
Published
2015-11-16
Updated
2019-11-21
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Max CVSS
4.0
EPSS Score
0.22%
Published
2015-10-16
Updated
2018-10-09

CVE-2015-7603

Public exploit
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
Max CVSS
7.8
EPSS Score
60.60%
Published
2015-09-29
Updated
2015-09-30

CVE-2015-7602

Public exploit
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
Max CVSS
7.8
EPSS Score
50.30%
Published
2015-09-29
Updated
2015-10-13

CVE-2015-7601

Public exploit
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
Max CVSS
7.8
EPSS Score
65.28%
Published
2015-09-29
Updated
2017-11-07
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Max CVSS
7.5
EPSS Score
1.06%
Published
2015-10-14
Updated
2018-10-09
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
Max CVSS
5.0
EPSS Score
11.68%
Published
2015-11-07
Updated
2018-12-15
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
Max CVSS
7.8
EPSS Score
0.28%
Published
2015-12-30
Updated
2017-09-13
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.22%
Published
2015-09-18
Updated
2015-09-22
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
Max CVSS
5.0
EPSS Score
0.18%
Published
2015-12-11
Updated
2016-12-07
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
Max CVSS
6.8
EPSS Score
3.49%
Published
2015-10-23
Updated
2016-12-24
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.
Max CVSS
7.8
EPSS Score
0.40%
Published
2015-09-11
Updated
2015-09-14
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-12-28
Updated
2016-12-07
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
Max CVSS
7.5
EPSS Score
0.27%
Published
2015-10-26
Updated
2017-11-04
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
Max CVSS
10.0
EPSS Score
61.43%
Published
2015-09-18
Updated
2015-09-23
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
Max CVSS
4.0
EPSS Score
0.12%
Published
2015-12-13
Updated
2016-12-07
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
Max CVSS
9.3
EPSS Score
0.66%
Published
2015-10-16
Updated
2016-12-08
152 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!