Total
6480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-08-06 | 9.8 Critical |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | ||||
| CVE-2013-4668 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2024-08-06 | N/A |
| Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. | ||||
| CVE-2013-4654 | 1 Tp-link | 4 Tl-1043nd, Tl-1043nd Firmware, Tl-wdr4300 and 1 more | 2024-08-06 | 9.8 Critical |
| Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. | ||||
| CVE-2013-4656 | 1 Asus | 4 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 1 more | 2024-08-06 | 9.8 Critical |
| Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | ||||
| CVE-2013-4524 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path. | ||||
| CVE-2013-4510 | 1 Tryton | 1 Tryton | 2024-08-06 | N/A |
| Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report. | ||||
| CVE-2013-4413 | 2 Ruby-lang, Schneems | 2 Ruby, Wicked | 2024-08-06 | N/A |
| Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step. | ||||
| CVE-2013-4420 | 1 Feep | 1 Libtar | 2024-08-06 | N/A |
| Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file. | ||||
| CVE-2013-4315 | 2 Djangoproject, Redhat | 2 Django, Openstack | 2024-08-06 | N/A |
| Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. | ||||
| CVE-2013-4054 | 1 Ibm | 1 Websphere Mq | 2024-08-06 | N/A |
| Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | ||||
| CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2024-08-06 | 6.5 Medium |
| IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | ||||
| CVE-2024-5709 | 1 Wpbakery | 1 Wpbakery Visual Composer | 2024-08-06 | 8.8 High |
| The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2013-3922 | 1 Gummybearstudios | 1 Ftp Drive \+ Http Server | 2024-08-06 | N/A |
| Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | ||||
| CVE-2013-3921 | 1 Easytimestudio | 1 Easy File Manager | 2024-08-06 | N/A |
| Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | ||||
| CVE-2013-3923 | 1 Savysoda | 1 Wifi Free Hd | 2024-08-06 | N/A |
| Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | ||||
| CVE-2013-3827 | 2 Oracle, Redhat | 2 Fusion Middleware, Jboss Data Grid | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. | ||||
| CVE-2013-3739 | 1 Network-weathermap | 1 .network Weathermap | 2024-08-06 | N/A |
| Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action. | ||||
| CVE-2013-3706 | 1 Novell | 1 Zenworks Configuration Management | 2024-08-06 | N/A |
| Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. | ||||
| CVE-2013-3661 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2024-08-06 | N/A |
| The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. | ||||
| CVE-2013-3598 | 1 Searchblox | 1 Searchblox | 2024-08-06 | N/A |
| Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter. | ||||