Total
6487 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-6038 | 1 Ibm | 1 Aix | 2024-08-06 | N/A |
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | ||||
CVE-2016-5803 | 1 Ca Technologies | 1 Unified Infrastructure Management | 2024-08-06 | N/A |
An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. | ||||
CVE-2016-6023 | 1 Ibm | 1 Sterling Secure Proxy | 2024-08-06 | N/A |
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | ||||
CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2024-08-06 | N/A |
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. | ||||
CVE-2016-5970 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2024-08-06 | N/A |
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | ||||
CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2024-08-06 | N/A |
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | ||||
CVE-2016-5639 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2024-08-06 | N/A |
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | ||||
CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2024-08-06 | N/A |
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | ||||
CVE-2016-5725 | 3 Jcraft, Microsoft, Redhat | 4 Jsch, Windows, Jboss Amq and 1 more | 2024-08-06 | N/A |
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. | ||||
CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 11 Libarchive, Linux, Enterprise Linux and 8 more | 2024-08-06 | N/A |
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | ||||
CVE-2016-5307 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. | ||||
CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2024-08-06 | N/A |
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | ||||
CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2024-08-06 | N/A |
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2024-08-06 | N/A |
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | ||||
CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-08-06 | N/A |
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | ||||
CVE-2016-5049 | 1 Readydesk | 1 Readydesk | 2024-08-06 | N/A |
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter. | ||||
CVE-2016-4986 | 1 Jenkins | 1 Tap | 2024-08-06 | 7.5 High |
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | ||||
CVE-2016-4987 | 1 Jenkins | 1 Image Gallery | 2024-08-06 | 6.5 Medium |
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | ||||
CVE-2016-4814 | 1 Gsi | 1 Old Gsi Maps | 2024-08-06 | N/A |
Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2016-4815 | 1 Buffalo | 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more | 2024-08-06 | N/A |
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |