Security Vulnerabilities, CVEs, Published In August 2014 (Directory traversal)
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
Max CVSS: 5.0 | EPSS Score: 9.19% | Published: 2014-08-22 | Updated: 2017-09-08
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
Max CVSS: 5.0 | EPSS Score: 2.18% | Published: 2014-08-19 | Updated: 2014-08-20
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
Max CVSS: 4.0 | EPSS Score: 0.14% | Published: 2014-08-12 | Updated: 2014-08-13
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
Max CVSS: 5.0 | EPSS Score: 0.57% | Published: 2014-08-06 | Updated: 2014-08-07
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
Max CVSS: 5.0 | EPSS Score: 0.57% | Published: 2014-08-06 | Updated: 2014-08-07
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."
Max CVSS: 6.4 | EPSS Score: 96.04% | Published: 2014-08-01 | Updated: 2024-03-21
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
Max CVSS: 6.8 | EPSS Score: 0.75% | Published: 2014-08-20 | Updated: 2014-08-21
CVE-2014-3914
Public exploit
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Max CVSS: 10.0 | EPSS Score: 97.05% | Published: 2014-08-07 | Updated: 2014-08-07
Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS: 5.0 | EPSS Score: 0.89% | Published: 2014-08-07 | Updated: 2014-08-07
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.
Max CVSS: 4.0 | EPSS Score: 0.13% | Published: 2014-08-20 | Updated: 2017-08-29
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
Max CVSS: 4.0 | EPSS Score: 4.27% | Published: 2014-08-12 | Updated: 2018-10-09
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
Max CVSS: 9.3 | EPSS Score: 96.72% | Published: 2014-08-07 | Updated: 2014-08-07
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
Max CVSS: 4.0 | EPSS Score: 0.39% | Published: 2014-08-03 | Updated: 2014-08-04
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
Max CVSS: 4.0 | EPSS Score: 0.38% | Published: 2014-08-03 | Updated: 2014-08-04
14 vulnerabilities found