Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4703 | 1 Rename Project | 1 Rename | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. | ||||
| CVE-2015-4694 | 1 Zip Attachments Project | 1 Zip Attachments | 2024-11-21 | N/A |
| Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. | ||||
| CVE-2015-4670 | 1 Devexpress | 1 Ajax Control Toolkit | 2024-11-21 | N/A |
| Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd. | ||||
| CVE-2015-4666 | 1 Xceedium | 1 Xsuite | 2024-11-21 | N/A |
| Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | ||||
| CVE-2015-4641 | 2 Samsung, Swiftkey | 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more | 2024-11-21 | N/A |
| Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. | ||||
| CVE-2015-4632 | 1 Koha | 1 Koha | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. | ||||
| CVE-2015-4617 | 1 Easy2map | 1 Easy2map-photos | 2024-11-21 | N/A |
| Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. | ||||
| CVE-2015-4616 | 1 Easy2map Project | 1 Easy2map | 2024-11-21 | N/A |
| Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter. | ||||
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2024-11-21 | N/A |
| Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | ||||
| CVE-2015-4461 | 1 Efrontlearning | 1 Efront | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter. | ||||
| CVE-2015-4425 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. | ||||
| CVE-2015-4415 | 1 Magnifica Webscripts | 1 Anima Gallery | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/. | ||||
| CVE-2015-4414 | 1 Se Html5 Album Audio Player Project | 1 Se Html5 Album Audio Player | 2024-11-21 | N/A |
| Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2015-4289 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. | ||||
| CVE-2015-4181 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2024-11-21 | N/A |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | ||||
| CVE-2015-4180 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2024-11-21 | N/A |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. | ||||
| CVE-2015-4153 | 1 Zanematthew | 1 Zm Ajax Login \& Register | 2024-11-21 | N/A |
| Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-4152 | 1 Elastic | 1 Logstash | 2024-11-21 | N/A |
| Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option. | ||||
| CVE-2015-4085 | 1 Etherpad | 1 Etherpad | 2024-11-21 | N/A |
| Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | ||||
| CVE-2015-4074 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | ||||