Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9389 | 1 Sonatype | 1 Nexus | 2024-11-21 | N/A |
| Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-9375 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | N/A |
| Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. | ||||
| CVE-2014-9373 | 1 Manageengine | 1 Netflow Analyzer | 2024-11-21 | N/A |
| Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename. | ||||
| CVE-2014-9372 | 1 Manageengine | 1 Password Manager Pro | 2024-11-21 | N/A |
| Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. | ||||
| CVE-2014-9356 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | 8.6 High |
| Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. | ||||
| CVE-2014-9282 | 1 Speed Software | 2 Explorer, Root Explorer | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename. | ||||
| CVE-2014-9261 | 1 Codologic | 1 Codoforum | 2024-11-21 | N/A |
| The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | ||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2024-11-21 | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | ||||
| CVE-2014-9234 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2024-11-21 | N/A |
| Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2014-9181 | 1 Plex | 1 Media Server | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. | ||||
| CVE-2014-9155 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. | ||||
| CVE-2014-9119 | 1 Db Backup Project | 1 Db Backup | 2024-11-21 | N/A |
| Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2014-9014 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2024-11-21 | 4.3 Medium |
| Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2014-8961 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-11-21 | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | ||||
| CVE-2014-8959 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-11-21 | N/A |
| Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | ||||
| CVE-2014-8939 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.3 Medium |
| Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. | ||||
| CVE-2014-8871 | 1 Sap | 1 Hybris | 2024-11-21 | N/A |
| Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | ||||
| CVE-2014-8801 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | N/A |
| Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-8799 | 1 Dukapress | 1 Dukapress | 2024-11-21 | N/A |
| Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. | ||||
| CVE-2014-8742 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. | ||||