Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2017-05-17 CVE-2017-9030 Path Traversal vulnerability in Codextrous B2J Contact 2.1.12
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.
network
low complexity
codextrous CWE-22
7.5
2017-05-12 CVE-2016-10331 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
network
low complexity
synology CWE-22
7.5
2017-05-12 CVE-2016-10330 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
local
low complexity
synology CWE-22
7.1
2017-05-12 CVE-2017-8921 Path Traversal vulnerability in Flightgear
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML).
network
low complexity
flightgear CWE-22
7.5
2017-05-12 CVE-2017-2163 Path Traversal vulnerability in N-I-Agroinformatics SOY CMS
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.
network
low complexity
n-i-agroinformatics CWE-22
7.5
2017-05-10 CVE-2017-8868 Path Traversal vulnerability in Flatcore Flatcore-Cms 1.4.7
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php.
network
low complexity
flatcore CWE-22
7.5
2017-05-09 CVE-2017-8853 Path Traversal vulnerability in Fiyo CMS 2.0.7
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
network
low complexity
fiyo CWE-22
7.5
2017-05-06 CVE-2017-7929 Path Traversal vulnerability in Advantech Webaccess
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior.
network
low complexity
advantech CWE-22
7.1
2017-05-03 CVE-2017-6629 Path Traversal vulnerability in Cisco Unity Connection 10.5(2)
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device.
network
low complexity
cisco CWE-22
5.3
2017-05-03 CVE-2016-10367 Path Traversal vulnerability in Opsview
In Opsview Monitor Pro (prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.
network
low complexity
opsview CWE-22
7.5