Total
6551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2024-11-21 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | |||||
| CVE-2015-1199 | 1 Ppmd Project | 1 Ppmd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ppmd 10.1-5. | |||||
| CVE-2015-1198 | 1 Linux-ha | 1 Ha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | |||||
| CVE-2015-1195 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2024-11-21 | 6.5 MEDIUM | N/A |
| The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. | |||||
| CVE-2015-1193 | 1 Pax Project | 1 Pax | 2024-11-21 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||||
| CVE-2015-1192 | 1 Kgb Project | 1 Kgb | 2024-11-21 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. | |||||
| CVE-2015-1191 | 1 Zlib | 1 Pigz | 2024-11-21 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||||
| CVE-2015-1087 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | |||||
| CVE-2015-1003 | 1 Ininet Solutions | 1 Scada Web Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2015-10105 | 1 Ip-finder | 1 Ip Blacklist Cloud | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | |||||
| CVE-2015-10043 | 1 Apollo Project | 1 Apollo | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307. | |||||
| CVE-2015-10030 | 1 Surpass Project | 1 Surpass | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10024 | 1 Larasync Project | 1 Larasync | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612. | |||||
| CVE-2015-1000006 | 1 Recent-backups Project | 1 Recent-backups | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in recent-backups v0.7 wordpress plugin | |||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | |||||
| CVE-2015-0984 | 1 Honeywell | 8 Excel Web Xl 1000c1000 600 I\/o, Excel Web Xl 1000c1000 600 I\/o Uukl, Excel Web Xl 1000c100 104 I\/o and 5 more | 2024-11-21 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | |||||
| CVE-2015-0933 | 1 Sharelatex | 1 Sharelatex | 2024-11-21 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | |||||
| CVE-2015-0911 | 1 Dounokouno | 1 Transmitmail | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | |||||
| CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2024-11-21 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | |||||
| CVE-2015-0878 | 1 Almail | 1 Al-mail32 | 2024-11-21 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. | |||||