Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4040 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2024-11-21 | N/A |
| Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. | ||||
| CVE-2015-4031 | 1 Visualmining | 1 Netcharts Server | 2024-11-21 | N/A |
| Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2015-3940 | 1 Schneider-electric | 1 Wonderware System Platform 2014 | 2024-11-21 | N/A |
| Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2015-3939 | 1 Ids | 3 Ids Rtu 850c, Nc854, Nc856 | 2024-11-21 | N/A |
| Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. | ||||
| CVE-2015-3897 | 1 Bonitasoft | 1 Bonita Bpm Portal | 2024-11-21 | N/A |
| Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. | ||||
| CVE-2015-3648 | 1 Montala | 1 Resourcespace | 2024-11-21 | N/A |
| Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. | ||||
| CVE-2015-3629 | 3 Docker, Opensuse, Redhat | 3 Libcontainer, Opensuse, Rhel Extras Other | 2024-11-21 | 7.8 High |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | ||||
| CVE-2015-3627 | 2 Docker, Redhat | 3 Docker, Libcontainer, Rhel Extras Other | 2024-11-21 | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | ||||
| CVE-2015-3337 | 1 Elasticsearch | 1 Elasticsearch | 2024-11-21 | N/A |
| Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. | ||||
| CVE-2015-3301 | 1 Thecartpress | 1 Thecartpress Ecommerce Shopping Cart | 2024-11-21 | N/A |
| Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. | ||||
| CVE-2015-3297 | 1 Etherpad | 1 Etherpad | 2024-11-21 | N/A |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. | ||||
| CVE-2015-3151 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | ||||
| CVE-2015-2996 | 1 Sysaid | 1 Sysaid | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. | ||||
| CVE-2015-2995 | 1 Sysaid | 1 Sysaid | 2024-11-21 | N/A |
| The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. | ||||
| CVE-2015-2990 | 1 Neojapan | 1 Desknet Neo | 2024-11-21 | N/A |
| Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. | ||||
| CVE-2015-2971 | 1 Seeds | 1 Acmailer | 2024-11-21 | N/A |
| Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. | ||||
| CVE-2015-2970 | 1 Lemon-s Php | 1 Simple Oekaki | 2024-11-21 | N/A |
| index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter. | ||||
| CVE-2015-2966 | 1 Droidwareuk | 1 Explorer\+ File Manager | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2015-2965 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A |
| Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | ||||