Total
6480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-7097 | 1 7mediaws | 1 Edutrac | 2024-08-06 | N/A |
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. | ||||
CVE-2013-7091 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-08-06 | N/A |
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. | ||||
CVE-2013-6987 | 1 Synology | 1 Diskstation Manager | 2024-08-06 | N/A |
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. | ||||
CVE-2013-6975 | 1 Cisco | 1 Nx-os | 2024-08-06 | N/A |
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | ||||
CVE-2013-6821 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2013-6768 | 2 Google, Koushik Dutta | 2 Android, Superuser | 2024-08-06 | N/A |
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. | ||||
CVE-2013-6785 | 1 Supermicro | 1 Intelligent Platform Management Interface | 2024-08-06 | 4.3 Medium |
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | ||||
CVE-2013-6771 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script. | ||||
CVE-2013-6720 | 1 Ibm | 1 Tealeaf Cx | 2024-08-06 | N/A |
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file. | ||||
CVE-2013-6652 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-06 | N/A |
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism. | ||||
CVE-2013-6397 | 2 Apache, Redhat | 3 Solr, Jboss Data Grid, Jboss Enterprise Web Framework | 2024-08-06 | N/A |
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | ||||
CVE-2013-6303 | 1 Ibm | 1 Algo One | 2024-08-06 | N/A |
Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
CVE-2013-6304 | 1 Ibm | 2 Algo One, Algo Risk Application | 2024-08-06 | N/A |
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | ||||
CVE-2013-6226 | 1 Ajaxplorer | 1 Ajaxplorer | 2024-08-06 | N/A |
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. | ||||
CVE-2013-6030 | 1 Emerson | 1 Network Power Avocent Mergepoint Unity 2016 Firmware | 2024-08-06 | N/A |
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file. | ||||
CVE-2013-6221 | 1 Hp | 1 Service Virtualization | 2024-08-06 | N/A |
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031. | ||||
CVE-2013-6056 | 1 Alienvault | 1 Open Source Security Information Management | 2024-08-06 | 7.5 High |
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability | ||||
CVE-2013-6177 | 1 Emc | 1 Document Sciences Xpression | 2024-08-06 | N/A |
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access. | ||||
CVE-2013-6225 | 1 Livezilla | 1 Livezilla | 2024-08-06 | 9.8 Critical |
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability | ||||
CVE-2013-6023 | 1 Tvt | 2 Dvr, Dvr Firmware | 2024-08-06 | N/A |
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. |