Total
6551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5688 | 1 Geddyjs | 1 Geddy | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. | |||||
| CVE-2015-5662 | 1 Avast | 1 Avast Antivirus | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | |||||
| CVE-2015-5650 | 1 Ajaxplorer | 1 Ajaxplorer | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-5638 | 1 Dena | 1 H20 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2015-5609 | 1 Image-export Project | 1 Image-export | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | |||||
| CVE-2015-5531 | 1 Elasticsearch | 1 Elasticsearch | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. | |||||
| CVE-2015-5482 | 1 Dev4press | 1 Gd Bbpress Attachments | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | |||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | |||||
| CVE-2015-5472 | 1 Ibs Mappro Project | 1 Ibs Mappro | 2024-11-21 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2015-5471 | 1 Swim Team Project | 1 Swim Team | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2015-5469 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | |||||
| CVE-2015-5468 | 1 Wpshopstyling | 1 Wp E-commerce Shop Styling | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. | |||||
| CVE-2015-5467 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A | 9.8 CRITICAL |
| web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | |||||
| CVE-2015-5353 | 1 Novius-os | 1 Novius Os | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. | |||||
| CVE-2015-5345 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | |||||
| CVE-2015-5322 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. | |||||
| CVE-2015-5313 | 1 Redhat | 1 Libvirt | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. | |||||
| CVE-2015-5305 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. | |||||
| CVE-2015-5199 | 2 Canonical, Libvdpau Project | 2 Ubuntu Linux, Libvdpau | 2024-11-21 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. | |||||
| CVE-2015-5174 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. | |||||