Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
Max CVSS: 6.4 | EPSS Score: 17.16% | Published: 2014-05-30 | Updated: 2017-12-29
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
Max CVSS: 6.4 | EPSS Score: 0.85% | Published: 2014-05-30 | Updated: 2017-12-29
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
Max CVSS: 5.0 | EPSS Score: 9.06% | Published: 2014-05-21 | Updated: 2018-10-09
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
Max CVSS: 6.8 | EPSS Score: 27.38% | Published: 2014-05-20 | Updated: 2021-04-13
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
Max CVSS: 6.4 | EPSS Score: 0.46% | Published: 2014-05-30 | Updated: 2014-06-24
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
Max CVSS: 4.0 | EPSS Score: 2.93% | Published: 2014-05-14 | Updated: 2018-10-09
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
Max CVSS: 7.1 | EPSS Score: 0.86% | Published: 2014-05-14 | Updated: 2014-06-05
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
Max CVSS: 5.0 | EPSS Score: 0.56% | Published: 2014-05-08 | Updated: 2014-07-01
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.
Max CVSS: 6.4 | EPSS Score: 0.59% | Published: 2014-05-30 | Updated: 2014-06-05
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.
Max CVSS: 4.0 | EPSS Score: 0.38% | Published: 2014-05-02 | Updated: 2014-05-02
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.
Max CVSS: 7.1 | EPSS Score: 0.28% | Published: 2014-05-16 | Updated: 2017-08-29

CVE-2014-0130

Known exploited
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Max CVSS: 4.3 | EPSS Score: 0.33% | Published: 2014-05-07 | Updated: 2023-02-13 | CISA KEV Added: 2022-03-25
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
Max CVSS: 6.8 | EPSS Score: 0.17% | Published: 2014-05-14 | Updated: 2014-05-15
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2014-05-20 | Updated: 2015-10-13
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS: 6.4 | EPSS Score: 0.44% | Published: 2014-05-12 | Updated: 2014-05-13
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI.
Max CVSS: 6.4 | EPSS Score: 0.34% | Published: 2014-05-14 | Updated: 2014-05-15
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
Max CVSS: 4.3 | EPSS Score: 0.34% | Published: 2014-05-14 | Updated: 2014-05-15

CVE-2012-4915

Public exploit
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Max CVSS: 5.0 | EPSS Score: 93.16% | Published: 2014-05-29 | Updated: 2017-08-29
18 vulnerabilities found