Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2017-10-23 CVE-2017-15805 Path Traversal vulnerability in Cisco products
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
network, low complexity, cisco CWE-22, 7.5

2017-10-19 CVE-2017-15647 Path Traversal vulnerability in Fiberhome Routerfiberhome Firmware
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
network, low complexity, fiberhome CWE-22, 7.5

2017-10-19 CVE-2017-10933 Path Traversal vulnerability in ZTE Zxdt22 Sf01 Firmware V2.06.00.00
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, a monitoring system for ZTE energy products, are impacted by a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after the host address.
network, low complexity, zte CWE-22, 7.5

2017-10-18 CVE-2017-15359 Path Traversal vulnerability in 3CX 15.5.3554.1
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters.
network, low complexity, 3cx CWE-22, 6.5

2017-10-17 CVE-2017-8805 Path Traversal vulnerability in Debian Ftpsync 20171016
Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.
network, low complexity, debian CWE-22, critical 9.1

2017-10-16 CVE-2017-9367 Path Traversal vulnerability in Blackberry Workspaces Appliance-X and Workspaces Vapp
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
network, low complexity, blackberry CWE-22, critical 9.8

2017-10-16 CVE-2014-3702 Path Traversal vulnerability in Redhat Edeploy
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a ..
network, low complexity, redhat CWE-22, critical 9.1

2017-10-15 CVE-2017-15363 Path Traversal vulnerability in Luracast Restler
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.
network, low complexity, luracast CWE-22, 7.5

2017-10-13 CVE-2017-15276 Path Traversal vulnerability in Opentext Documentum Content Server 7.3
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives).
network, low complexity, opentext CWE-22, 8.8

2017-10-10 CVE-2015-2856 Path Traversal vulnerability in Accellion File Transfer Appliance
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a ..
network, low complexity, accellion CWE-22, 7.5