Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-3972 Path Traversal vulnerability in Dotcms
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a ..
network
low complexity
dotcms CWE-22
2.7
2016-04-12 CVE-2016-4004 Path Traversal vulnerability in Dell Openmanage Server Administrator 8.2
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
network
low complexity
dell CWE-22
4.9
2016-04-11 CVE-2015-5313 Path Traversal vulnerability in Redhat Libvirt
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a ..
local
high complexity
redhat CWE-22
2.5
2016-04-11 CVE-2016-0784 Path Traversal vulnerability in Apache Openmeetings
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a ..
network
low complexity
apache CWE-22
6.5
2016-04-11 CVE-2016-0709 Path Traversal vulnerability in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a ..
network
low complexity
apache CWE-22
7.2
2016-04-07 CVE-2016-3976 Path Traversal vulnerability in SAP Netweaver Application Server Java
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
network
low complexity
sap CWE-22
7.5
2016-04-07 CVE-2016-2097 Path Traversal vulnerability in Rubyonrails Ruby on Rails
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails CWE-22
5.3
2016-04-01 CVE-2016-2289 Path Traversal vulnerability in Iconics Webhmi 9.0
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
network
low complexity
iconics CWE-22
7.5
2016-02-25 CVE-2015-5345 Path Traversal vulnerability in multiple products
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
network
low complexity
debian apache canonical CWE-22
5.3
2016-02-25 CVE-2015-5174 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
network
low complexity
debian apache canonical CWE-22
4.3