Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-20 | CVE-2017-16903 | Path Traversal vulnerability in Lvyecms Project Lvyecms LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. | 9.8 |
| 2017-11-20 | CVE-2017-15527 | Path Traversal vulnerability in Symantec Management Console Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. | 6.8 |
| 2017-11-17 | CVE-2017-1000170 | Path Traversal vulnerability in Jqueryfiletree Project Jqueryfiletree jqueryFileTree 2.1.5 and older Directory Traversal | 7.5 |
| 2017-11-17 | CVE-2017-16877 | Path Traversal vulnerability in Zeit Next.Js ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | 7.5 |
| 2017-11-16 | CVE-2017-1087 | Path Traversal vulnerability in Freebsd In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. | 7.8 |
| 2017-11-13 | CVE-2017-16806 | Path Traversal vulnerability in Ulterius Server 1.5.6.0/1.8.0.0 The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | 7.5 |
| 2017-11-10 | CVE-2017-16762 | Path Traversal vulnerability in Sanic Project Sanic Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | 7.5 |
| 2017-11-09 | CVE-2017-16759 | Path Traversal vulnerability in Librenms The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | 5.9 |
| 2017-11-08 | CVE-2017-11512 | Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. | 7.5 |
| 2017-10-30 | CVE-2014-0115 | Path Traversal vulnerability in Apache Storm 0.9.0.1 Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. | 7.5 |