Total
6544 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4148 | 1 Anyconnect | 1 Anyconnect | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | |||||
| CVE-2010-4107 | 1 Hp | 8 9000, Color Laserjet Mfp, Laserjet 4100 and 5 more | 2024-11-21 | 7.8 HIGH | N/A |
| The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | |||||
| CVE-2010-4095 | 1 Robo-ftp | 1 Robo-ftp | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response. | |||||
| CVE-2010-3930 | 1 Modxcms | 1 Evolution | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. | |||||
| CVE-2010-3910 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. | |||||
| CVE-2010-3867 | 1 Proftpd | 1 Proftpd | 2024-11-21 | 7.1 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | |||||
| CVE-2010-3863 | 2 Apache, Jsecurity | 2 Shiro, Jsecurity | 2024-11-21 | 5.0 MEDIUM | N/A |
| Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | |||||
| CVE-2010-3842 | 1 Curl | 1 Curl | 2024-11-21 | 5.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. | |||||
| CVE-2010-3743 | 1 Rene Tegel | 1 Visual Synapse | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2010-3692 | 1 Apereo | 1 Phpcas | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter. | |||||
| CVE-2010-3689 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2024-11-21 | 6.9 MEDIUM | N/A |
| soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3688 | 1 Netartmedia | 1 Websiteadmin | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter. | |||||
| CVE-2010-3606 | 1 Netartmedia | 1 Real Estate Portal | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters. | |||||
| CVE-2010-3490 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. | |||||
| CVE-2010-3488 | 1 Houbysoft | 1 Quickshare | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. | |||||
| CVE-2010-3487 | 1 Yellosoft | 1 Pinky | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | |||||
| CVE-2010-3486 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | |||||
| CVE-2010-3480 | 1 Apphp | 1 Php Microcms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2010-3468 | 1 Blueriver | 2 Mura Cms, Sava Cms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/. | |||||
| CVE-2010-3460 | 2 Gecad, Microsoft | 2 Axigen Mail Server, Windows | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | |||||