Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-03 | CVE-2017-7442 | Path Traversal vulnerability in Gonitro Nitro PRO 11.0.3.173 Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | 8.8 |
| 2017-08-02 | CVE-2017-11389 | Path Traversal vulnerability in Trendmicro Control Manager 6.0 Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. | 9.8 |
| 2017-07-29 | CVE-2017-11723 | Path Traversal vulnerability in Xinha 0.96 Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | 7.5 |
| 2017-07-26 | CVE-2017-11658 | Path Traversal vulnerability in Wp-Rocket In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | 7.5 |
| 2017-07-26 | CVE-2017-11630 | Path Traversal vulnerability in Fiyo CMS 2.0.7 dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | 7.5 |
| 2017-07-25 | CVE-2017-8033 | Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. | 7.8 |
| 2017-07-25 | CVE-2015-1847 | Path Traversal vulnerability in Appserver Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. | 7.5 |
| 2017-07-24 | CVE-2017-11589 | Path Traversal vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3 On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | 9.8 |
| 2017-07-24 | CVE-2017-11587 | Path Traversal vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3 On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI. | 7.5 |
| 2017-07-22 | CVE-2016-10400 | Path Traversal vulnerability in Atutor Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. | 7.5 |