Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
Max CVSS
10.0
EPSS Score
17.70%
Published
2014-12-16
Updated
2014-12-17
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Max CVSS
10.0
EPSS Score
0.85%
Published
2014-10-31
Updated
2018-10-09
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
Max CVSS
7.5
EPSS Score
94.62%
Published
2014-12-10
Updated
2019-07-15
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
Max CVSS
7.5
EPSS Score
3.23%
Published
2014-10-08
Updated
2017-09-08

CVE-2014-6037

Public exploit
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
Max CVSS
7.5
EPSS Score
96.59%
Published
2014-10-26
Updated
2020-03-26
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Max CVSS
7.5
EPSS Score
95.17%
Published
2014-12-04
Updated
2014-12-05
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.
Max CVSS
7.8
EPSS Score
1.07%
Published
2014-12-16
Updated
2014-12-17
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
Max CVSS
7.5
EPSS Score
90.22%
Published
2014-10-21
Updated
2020-01-17

CVE-2014-5005

Public exploit
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
Max CVSS
7.5
EPSS Score
97.22%
Published
2014-10-21
Updated
2020-01-17

CVE-2014-4877

Public exploit
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Max CVSS
9.3
EPSS Score
7.82%
Published
2014-10-29
Updated
2017-02-17

CVE-2014-3914

Public exploit
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Max CVSS
10.0
EPSS Score
97.05%
Published
2014-08-07
Updated
2014-08-07
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
Max CVSS
7.1
EPSS Score
0.86%
Published
2014-05-14
Updated
2014-06-05
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
Max CVSS
7.8
EPSS Score
95.83%
Published
2014-06-19
Updated
2016-12-24
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
Max CVSS
10.0
EPSS Score
0.26%
Published
2014-04-15
Updated
2014-04-16
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
Max CVSS
10.0
EPSS Score
0.26%
Published
2014-04-15
Updated
2014-04-16
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.
Max CVSS
7.5
EPSS Score
10.57%
Published
2014-04-28
Updated
2020-02-24
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
Max CVSS
9.4
EPSS Score
89.87%
Published
2014-07-26
Updated
2017-01-07
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.
Max CVSS
8.5
EPSS Score
13.17%
Published
2014-07-26
Updated
2017-01-07
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.
Max CVSS
9.0
EPSS Score
1.96%
Published
2014-06-19
Updated
2019-10-09
Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.
Max CVSS
7.1
EPSS Score
4.10%
Published
2014-06-19
Updated
2014-06-26
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.
Max CVSS
7.5
EPSS Score
1.35%
Published
2014-12-25
Updated
2014-12-29
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
93.66%
Published
2014-04-04
Updated
2015-08-13
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.35%
Published
2014-03-16
Updated
2022-11-10
Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.12%
Published
2014-03-16
Updated
2014-03-26
Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.
Max CVSS
9.3
EPSS Score
0.35%
Published
2014-03-19
Updated
2016-11-15
44 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!