Vulnerabilities (CVE)

Filtered by CWE-22
Total 6551 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4986 1 Jenkins 1 Tap 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
CVE-2016-4815 1 Buffalo 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-4814 1 Gsi 1 Old Gsi Maps 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-4532 1 Trihedral 1 Vtscada 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
CVE-2016-4323 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2024-11-21 5.8 MEDIUM 3.7 LOW
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
CVE-2016-4320 1 Atlassian 1 Bitbucket 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVE-2016-4314 1 Wso2 1 Carbon 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
CVE-2016-4313 1 Extplorer 1 Extplorer 2024-11-21 6.8 MEDIUM 7.8 HIGH
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
CVE-2016-4004 1 Dell 1 Openmanage Server Administrator 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
CVE-2016-3976 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
CVE-2016-3972 1 Dotcms 1 Dotcms 2024-11-21 4.0 MEDIUM 2.7 LOW
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2016-3151 1 Barco 6 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Cse-200 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
CVE-2016-2933 1 Ibm 1 Bigfix Remote Control 2024-11-21 6.8 MEDIUM 6.8 MEDIUM
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
CVE-2016-2872 1 Ibm 2 Qradar Security Information And Event Manager, Security Qradar Incident Forensics 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2016-2389 1 Sap 1 Netweaver 2024-11-21 7.8 HIGH 7.5 HIGH
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
CVE-2016-2289 1 Iconics 1 Webhmi 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
CVE-2016-2205 1 Symantec 2 Workspace Streaming, Workspace Virtualization 2024-11-21 6.1 MEDIUM 5.7 MEDIUM
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
CVE-2016-2097 1 Rubyonrails 2 Rails, Ruby On Rails 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
CVE-2016-2087 1 Hexchat Project 1 Hexchat 2024-11-21 6.8 MEDIUM 7.4 HIGH
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVE-2016-1671 1 Google 2 Android, Chrome 2024-11-21 6.8 MEDIUM 8.1 HIGH
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.