Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2017-1577 | Path Traversal vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2017-09-28 | CVE-2017-14849 | Path Traversal vulnerability in Nodejs Node.Js 8.5.0 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | 7.5 |
| 2017-09-26 | CVE-2017-7974 | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | 9.8 |
| 2017-09-23 | CVE-2017-14722 | Path Traversal vulnerability in Wordpress Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 7.5 |
| 2017-09-23 | CVE-2017-14719 | Path Traversal vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 7.5 |
| 2017-09-22 | CVE-2017-8007 | Path Traversal vulnerability in Dell products In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. | 8.8 |
| 2017-09-20 | CVE-2016-6795 | Path Traversal vulnerability in Apache Struts In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | 9.8 |
| 2017-09-20 | CVE-2015-4074 | Path Traversal vulnerability in Helpdesk PRO Project Helpdesk PRO Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-09-19 | CVE-2017-10931 | Path Traversal vulnerability in ZTE Zxr10 1800-2S Firmware The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | 7.5 |
| 2017-09-17 | CVE-2017-14514 | Path Traversal vulnerability in Tenda W15E Firmware 15.11.0.10(1576)/15.11.0.14/V15.11.0.13Cn Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | 7.5 |