Vulnerabilities (CVE)

Filtered by CWE-22
Total 6548 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1641 1 Quixplorer 1 Quixplorer 2024-11-21 7.8 HIGH N/A
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php.
CVE-2013-1627 2 Advantech, Indusoft 2 Advantech Studio, Web Studio 2024-11-21 7.8 HIGH N/A
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
CVE-2013-1608 1 Symantec 1 Netbackup Appliance 2024-11-21 6.7 MEDIUM N/A
Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-1604 1 Maygion 1 Ip Camera Firmware 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2013-1597 1 Vivotek 2 Pt7135, Pt7135 Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
CVE-2013-1469 1 Piwigo 1 Piwigo 2024-11-21 4.0 MEDIUM N/A
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
CVE-2013-1224 1 Cisco 1 Unified Customer Voice Portal 2024-11-21 7.8 HIGH N/A
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
CVE-2013-1167 1 Cisco 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more 2024-11-21 7.1 HIGH N/A
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
CVE-2013-1156 1 Cisco 1 Prime Central For Hosted Collaboration Solution 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
CVE-2013-1084 1 Novell 1 Zenworks Configuration Management 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.
CVE-2013-1082 1 Novell 1 Zenworks Mobile Management 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
CVE-2013-1081 1 Novell 1 Zenworks Mobile Management 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
CVE-2013-1079 1 Novell 1 Zenworks Configuration Management 2024-11-21 6.8 MEDIUM N/A
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
CVE-2013-0911 1 Google 1 Chrome 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
CVE-2013-0895 4 Apple, Google, Linux and 1 more 4 Mac Os X, Chrome, Linux Kernel and 1 more 2024-11-21 7.5 HIGH N/A
Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.
CVE-2013-0831 2 Google, Opensuse 2 Chrome, Opensuse 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
CVE-2013-0705 1 Lsi 1 3ware Disk Manager 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-0679 1 Siemens 2 Simatic Pcs7, Wincc 2024-11-21 4.0 MEDIUM N/A
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
CVE-2013-0673 1 Matrikonopc 1 Matrikonopc A\&e Historian 2024-11-21 9.4 HIGH N/A
Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.
CVE-2013-0671 1 Siemens 1 Wincc Tia Portal 2024-11-21 4.0 MEDIUM N/A
Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.