Vulnerabilities (CVE)

Filtered by CWE-22
Total 6549 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2279 1 Seeddms 1 Seeddms 2024-11-21 6.4 MEDIUM N/A
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278.
CVE-2014-2217 1 Telerik 1 Ui For Asp.net Ajax 2024-11-21 7.5 HIGH N/A
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.
CVE-2014-2210 1 Ca 1 Erwin Web Portal 2024-11-21 7.5 HIGH N/A
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
CVE-2014-2145 1 Cisco 1 Unity Connection 2024-11-21 4.0 MEDIUM N/A
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
CVE-2014-2069 1 Eshtery.she7ata 1 Eshtery Cms 2024-11-21 5.0 MEDIUM 7.5 HIGH
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
CVE-2014-2059 1 Jenkins 1 Jenkins 2024-11-21 6.5 MEDIUM N/A
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
CVE-2014-1975 1 R-company 1 Unzipper 2024-11-21 5.8 MEDIUM N/A
Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
CVE-2014-1974 1 Lyesoft 1 Andexplorer 2024-11-21 6.4 MEDIUM N/A
Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.
CVE-2014-1973 1 Nextapp 1 File Explorer 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
CVE-2014-1970 2 Estrongs, Google 2 Es File Explorer, Android 2024-11-21 5.8 MEDIUM N/A
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.
CVE-2014-1969 1 Apps4u\@android 1 Sd Card Manager 2024-11-21 5.8 MEDIUM N/A
Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename.
CVE-2014-1923 1 Koha 1 Koha 2024-11-21 5.0 MEDIUM 7.5 HIGH
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.
CVE-2014-1922 1 Koha 1 Koha 2024-11-21 5.0 MEDIUM 7.5 HIGH
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-1907 2 Videowhisper, Wordpress 2 Live Streaming Integration Plugin, Wordpress 2024-11-21 6.4 MEDIUM N/A
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.
CVE-2014-1843 1 Southrivertech 1 Titan Ftp Server 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
CVE-2014-1842 1 Southrivertech 1 Titan Ftp Server 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
CVE-2014-1841 1 Southrivertech 1 Titan Ftp Server 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
CVE-2014-1836 1 Impresscms 1 Impresscms 2024-11-21 6.4 MEDIUM N/A
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
CVE-2014-1833 1 Devscripts Devel Team 1 Devscripts 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
CVE-2014-1715 4 Apple, Google, Linux and 1 more 4 Mac Os X, Chrome, Linux Kernel and 1 more 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.