Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-25 | CVE-2017-12694 | Path Traversal vulnerability in Spidercontrol Scada web Server A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. | 7.5 |
| 2017-08-25 | CVE-2015-4181 | Path Traversal vulnerability in PHPmybackuppro Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-08-25 | CVE-2015-4180 | Path Traversal vulnerability in PHPmybackuppro Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-08-25 | CVE-2015-1395 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. | 7.5 |
| 2017-08-24 | CVE-2015-8352 | Path Traversal vulnerability in Zen-Cart ZEN Cart 1.5.4 Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. | 9.8 |
| 2017-08-24 | CVE-2017-9511 | Path Traversal vulnerability in Atlassian Crucible The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | 7.5 |
| 2017-08-24 | CVE-2017-12074 | Path Traversal vulnerability in Synology DNS Server Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | 6.5 |
| 2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-08-21 | CVE-2017-7424 | Path Traversal vulnerability in Microfocus Enterprise Developer and Enterprise Server A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. | 6.5 |
| 2017-08-18 | CVE-2017-12943 | Path Traversal vulnerability in Dlink Dir-600 B1 Firmware 2.01 D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | 9.8 |