Total
6484 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-6833 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2024-08-06 | N/A |
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. | ||||
CVE-2015-6589 | 1 Kaseya | 1 Virtual System Administrator | 2024-08-06 | 8.8 High |
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | ||||
CVE-2015-6500 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. | ||||
CVE-2015-6591 | 1 Freereprintables | 1 Articlefr | 2024-08-06 | 5.5 Medium |
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter. | ||||
CVE-2015-6459 | 1 Ge | 1 Mds Pulsenet | 2024-08-06 | N/A |
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. | ||||
CVE-2015-6406 | 1 Cisco | 1 Emergency Responder | 2024-08-06 | N/A |
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. | ||||
CVE-2015-5952 | 1 Thomsonreuters | 1 Fatca | 2024-08-06 | 9.8 Critical |
Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter. | ||||
CVE-2015-6003 | 1 Qnap | 1 Qts | 2024-08-06 | N/A |
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | ||||
CVE-2015-5766 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | ||||
CVE-2015-5688 | 1 Geddyjs | 1 Geddy | 2024-08-06 | N/A |
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. | ||||
CVE-2015-5638 | 1 Dena | 1 H20 | 2024-08-06 | N/A |
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. | ||||
CVE-2015-5650 | 1 Ajaxplorer | 1 Ajaxplorer | 2024-08-06 | N/A |
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2015-5662 | 1 Avast | 1 Avast Antivirus | 2024-08-06 | N/A |
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | ||||
CVE-2015-5482 | 1 Dev4press | 1 Gd Bbpress Attachments | 2024-08-06 | N/A |
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | ||||
CVE-2015-5531 | 1 Elasticsearch | 1 Elasticsearch | 2024-08-06 | N/A |
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. | ||||
CVE-2015-5609 | 1 Image-export Project | 1 Image-export | 2024-08-06 | N/A |
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | ||||
CVE-2015-5469 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2024-08-06 | N/A |
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | ||||
CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2024-08-06 | N/A |
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | ||||
CVE-2015-5471 | 1 Swim Team Project | 1 Swim Team | 2024-08-06 | N/A |
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | ||||
CVE-2015-5472 | 1 Ibs Mappro Project | 1 Ibs Mappro | 2024-08-06 | N/A |
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. |