Total
6551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2995 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.8 MEDIUM | N/A |
| The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. | |||||
| CVE-2015-2990 | 1 Neojapan | 1 Desknet Neo | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. | |||||
| CVE-2015-2971 | 1 Seeds | 1 Acmailer | 2024-11-21 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. | |||||
| CVE-2015-2970 | 1 Lemon-s Php | 1 Simple Oekaki | 2024-11-21 | 6.4 MEDIUM | N/A |
| index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter. | |||||
| CVE-2015-2966 | 1 Droidwareuk | 1 Explorer\+ File Manager | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
| CVE-2015-2965 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-2950 | 1 Open Explorer Beta Project | 1 Open Explorer Beta | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | |||||
| CVE-2015-2875 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. | |||||
| CVE-2015-2862 | 1 Kaseya | 1 Virtual System Administrator | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. | |||||
| CVE-2015-2860 | 1 Avigilon | 1 Avigilon Control Center | 2024-11-21 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. | |||||
| CVE-2015-2856 | 1 Accellion | 1 File Transfer Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. | |||||
| CVE-2015-2775 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2024-11-21 | 7.6 HIGH | N/A |
| Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | |||||
| CVE-2015-2304 | 3 Canonical, Libarchive, Opensuse | 3 Ubuntu Linux, Libarchive, Opensuse | 2024-11-21 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. | |||||
| CVE-2015-2243 | 1 Webshophun | 1 Webshop Hun | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | |||||
| CVE-2015-2166 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | |||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | |||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | |||||
| CVE-2015-2071 | 1 Etouch | 1 Samepage | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter. | |||||
| CVE-2015-2067 | 1 Magmi Project | 1 Magmi | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2015-2060 | 2 Cabextract Project, Linux | 2 Cabextract, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. | |||||