Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-18 | CVE-2017-7433 | Path Traversal vulnerability in Micro Focus Vibe An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. | 6.5 |
| 2017-05-17 | CVE-2017-9031 | Path Traversal vulnerability in Deluge-Torrent Deluge 1.3.14 The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | 7.5 |
| 2017-05-17 | CVE-2017-9030 | Path Traversal vulnerability in Codextrous B2J Contact The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | 5.0 |
| 2017-05-12 | CVE-2016-10331 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | 5.0 |
| 2017-05-12 | CVE-2016-10330 | Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | 7.1 |
| 2017-05-12 | CVE-2017-8921 | Path Traversal vulnerability in Flightgear In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). | 5.0 |
| 2017-05-12 | CVE-2017-2163 | Path Traversal vulnerability in N-I-Agroinformatics SOY CMS Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | 5.0 |
| 2017-05-10 | CVE-2017-8868 | Path Traversal vulnerability in Flatcore Flatcore-Cms 1.4.7 acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. | 5.0 |
| 2017-05-09 | CVE-2017-8853 | Path Traversal vulnerability in Fiyo CMS 2.0.7 Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | 6.4 |
| 2017-05-06 | CVE-2017-7929 | Path Traversal vulnerability in Advantech Webaccess An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. | 5.5 |