Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-06 | CVE-2017-15079 | Path Traversal vulnerability in Wpmudev Smush Image Compression and Optimization The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 7.5 |
| 2017-10-05 | CVE-2017-13996 | Path Traversal vulnerability in Loytec Lvis-3Me Firmware 6.1.1 A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. | 8.8 |
| 2017-10-05 | CVE-2017-12263 | Path Traversal vulnerability in Cisco License Manager 3.2.6 A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. | 7.5 |
| 2017-10-03 | CVE-2017-14754 | Path Traversal vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. | 6.5 |
| 2017-09-30 | CVE-2017-13985 | Path Traversal vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | 6.5 |
| 2017-09-28 | CVE-2017-1577 | Path Traversal vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2017-09-28 | CVE-2017-14849 | Path Traversal vulnerability in Nodejs Node.Js 8.5.0 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | 7.5 |
| 2017-09-26 | CVE-2017-7974 | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | 9.8 |
| 2017-09-23 | CVE-2017-14722 | Path Traversal vulnerability in Wordpress Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 7.5 |
| 2017-09-23 | CVE-2017-14719 | Path Traversal vulnerability in Wordpress Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 7.5 |