Total
6487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7552 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
| On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | ||||
| CVE-2016-7162 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2024-08-06 | 7.5 High |
| The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | ||||
| CVE-2016-7169 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
| Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. | ||||
| CVE-2016-7116 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-06 | 6.0 Medium |
| Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. | ||||
| CVE-2016-7135 | 1 Plone | 1 Plone | 2024-08-06 | N/A |
| Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions. | ||||
| CVE-2016-7041 | 1 Redhat | 4 Jboss Bpms, Jboss Brms, Jboss Drools and 1 more | 2024-08-06 | N/A |
| Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | ||||
| CVE-2016-7087 | 2 Microsoft, Vmware | 2 Windows, Horizon View | 2024-08-06 | N/A |
| Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-7063 | 1 Pritunl | 1 Pritunl-client | 2024-08-06 | 9.8 Critical |
| A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. | ||||
| CVE-2016-6896 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
| Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | ||||
| CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2024-08-06 | N/A |
| Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | ||||
| CVE-2016-6614 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-06 | N/A |
| An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2016-6600 | 1 Zohocorp | 1 Webnms Framework | 2024-08-06 | N/A |
| Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. | ||||
| CVE-2016-6517 | 1 Liferay | 1 Liferay | 2024-08-06 | N/A |
| Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. | ||||
| CVE-2016-6371 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2024-08-06 | N/A |
| Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. | ||||
| CVE-2016-6370 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2024-08-06 | N/A |
| Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. | ||||
| CVE-2016-6321 | 1 Gnu | 1 Tar | 2024-08-06 | N/A |
| Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | ||||
| CVE-2016-6269 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-06 | 9.1 Critical |
| Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | ||||
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2024-08-06 | N/A |
| Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | ||||
| CVE-2016-6138 | 1 Sap | 1 Trex | 2024-08-06 | N/A |
| Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | ||||
| CVE-2016-6126 | 1 Ibm | 1 Kenexa Lms On Cloud | 2024-08-06 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||