Total
6549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1707 | 1 Google | 1 Chrome Os | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. | |||||
| CVE-2014-1698 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | |||||
| CVE-2014-1507 | 2 Mozilla, Oracle | 2 Firefoxos, Solaris | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object. | |||||
| CVE-2014-1506 | 3 Google, Mozilla, Oracle | 3 Android, Firefox, Solaris | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments. | |||||
| CVE-2014-1442 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | |||||
| CVE-2014-1222 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. | |||||
| CVE-2014-125080 | 1 Faplanet Project | 1 Faplanet | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125069 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644. | |||||
| CVE-2014-125068 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643. | |||||
| CVE-2014-125033 | 1 Rails-cv-app Project | 1 Rails-cv-app | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-10397 | 1 Para | 1 Antioch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | |||||
| CVE-2014-10396 | 1 Organizedthemes | 1 Epic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | |||||
| CVE-2014-10390 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. | |||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | |||||
| CVE-2014-10068 | 1 Hapi | 1 Inert | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | |||||
| CVE-2014-10066 | 1 Fancy-server Project | 1 Fancy-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. | |||||
| CVE-2014-10037 | 1 Domphp | 1 Domphp | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||||
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. | |||||
| CVE-2014-100033 | 1 Licensepal | 1 Arcticdesk | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2024-11-21 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||