Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-16806 Path Traversal vulnerability in Ulterius Server 1.5.6.0/1.8.0.0
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
network
low complexity
ulterius CWE-22
7.5
7.5
2017-11-10 CVE-2017-16762 Path Traversal vulnerability in Sanic Project Sanic
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
network
low complexity
sanic-project CWE-22
7.5
7.5
2017-11-09 CVE-2017-16759 Path Traversal vulnerability in Librenms
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
network
high complexity
librenms CWE-22
5.9
5.9
2017-11-08 CVE-2017-11512 Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL.
network
low complexity
manageengine CWE-22
7.5
7.5
2017-10-30 CVE-2014-0115 Path Traversal vulnerability in Apache Storm 0.9.0.1
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a ..
network
low complexity
apache CWE-22
7.5
7.5
2017-10-24 CVE-2017-14695 Path Traversal vulnerability in Saltstack Salt
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
network
low complexity
saltstack CWE-22
critical
 9.8
9.8
2017-10-23 CVE-2014-3744 Path Traversal vulnerability in Nodejs Node.Js
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
network
low complexity
nodejs CWE-22
7.5
7.5
2017-10-23 CVE-2017-9947 Path Traversal vulnerability in Siemens products
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5.
network
low complexity
siemens CWE-22
5.3
5.3
2017-10-23 CVE-2017-15805 Path Traversal vulnerability in Cisco products
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
network
low complexity
cisco CWE-22
7.5
7.5
2017-10-19 CVE-2017-15647 Path Traversal vulnerability in Fiberhome Routerfiberhome Firmware
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
network
low complexity
fiberhome CWE-22
7.5
7.5