Total
6484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3227 | 1 Debian | 1 Dpkg | 2024-08-06 | N/A |
| dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program. | ||||
| CVE-2014-3225 | 1 Cobblerd | 1 Cobbler | 2024-08-06 | N/A |
| Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | ||||
| CVE-2014-3127 | 1 Debian | 1 Dpkg | 2024-08-06 | N/A |
| dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. | ||||
| CVE-2014-2962 | 1 Belkin | 2 N150 F9k1009, N150 F9k1009 Firmware | 2024-08-06 | N/A |
| Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. | ||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2024-08-06 | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | ||||
| CVE-2014-2976 | 1 Sixnet | 1 Sixview Manager | 2024-08-06 | N/A |
| Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. | ||||
| CVE-2014-2846 | 1 Westerndigital | 1 Arkeia Virtual Appliance Firmware | 2024-08-06 | N/A |
| Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | ||||
| CVE-2014-2933 | 1 Caldera | 1 Caldera | 2024-08-06 | N/A |
| Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. | ||||
| CVE-2014-2732 | 1 Siemens | 1 Sinema Server | 2024-08-06 | N/A |
| Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. | ||||
| CVE-2014-2674 | 1 Ajax-pagination Project | 1 Ajax-pagination | 2024-08-06 | N/A |
| Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-2611 | 1 Hp | 1 Executive Scorecard | 2024-08-06 | N/A |
| Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120. | ||||
| CVE-2014-2625 | 1 Hp | 1 Network Virtualization | 2024-08-06 | N/A |
| Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023. | ||||
| CVE-2014-2626 | 1 Hp | 1 Network Virtualization | 2024-08-06 | N/A |
| Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | ||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2024-08-06 | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | ||||
| CVE-2014-2610 | 1 Hp | 1 Executive Scorecard | 2024-08-06 | N/A |
| Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117. | ||||
| CVE-2014-2583 | 1 Linux-pam | 1 Linux-pam | 2024-08-06 | N/A |
| Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. | ||||
| CVE-2014-2575 | 1 Devexpress | 1 Aspxfilemanager Control For Webforms And Mvc | 2024-08-06 | N/A |
| Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter. | ||||
| CVE-2014-2535 | 1 Mcafee | 1 Web Gateway | 2024-08-06 | N/A |
| Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. | ||||
| CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2024-08-06 | N/A |
| Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. | ||||
| CVE-2014-2352 | 1 Cogentdatahub | 1 Cogent Datahub | 2024-08-06 | N/A |
| Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname. | ||||