Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-04 | CVE-2017-9416 | Path Traversal vulnerability in Odoo 10.0/8.0/9.0 Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | 6.5 |
| 2017-06-01 | CVE-2015-5473 | Path Traversal vulnerability in Samsung Syncthru 6 Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | 9.8 |
| 2017-05-26 | CVE-2015-0269 | Path Traversal vulnerability in Contao CMS Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors. | 4.3 |
| 2017-05-25 | CVE-2015-1834 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. | 6.5 |
| 2017-05-23 | CVE-2017-8314 | Path Traversal vulnerability in multiple products Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | 5.5 |
| 2017-05-23 | CVE-2017-5966 | Path Traversal vulnerability in Sitecore CRM 8.1 Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | 4.9 |
| 2017-05-23 | CVE-2017-6821 | Path Traversal vulnerability in Synacor Zimbra Collaboration Suite Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2017-05-23 | CVE-2015-5609 | Path Traversal vulnerability in Image-Export Project Image-Export 1.1 Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | 9.1 |
| 2017-05-23 | CVE-2015-5469 | Path Traversal vulnerability in MDC Youtube Downloader Project MDC Youtube Downloader 2.1.0 Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | 7.5 |
| 2017-05-23 | CVE-2015-5468 | Path Traversal vulnerability in Wpshopstyling WP E-Commerce Shop Styling 2.5 Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. | 7.5 |