Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2016-02-23 CVE-2013-7448 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
network
low complexity
debian didiwiki-project CWE-22
7.5
2016-02-16 CVE-2016-2389 Path Traversal vulnerability in SAP Netweaver 7.40
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a ..
network
low complexity
sap CWE-22
7.5
2016-02-16 CVE-2016-0752 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails opensuse suse debian redhat CWE-22
7.5
2016-02-13 CVE-2016-1525 Path Traversal vulnerability in Netgear Prosafe Network Management Software 300 1.5.0.11
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a ..
network
low complexity
netgear CWE-22
8.6
2016-01-30 CVE-2016-1145 Path Traversal vulnerability in NEC Expresscluster X 3.3
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
nec CWE-22
7.5
2016-01-29 CVE-2015-8794 Path Traversal vulnerability in Roundcube Webmail 1.1.0/1.1.1
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
network
low complexity
roundcube CWE-22
6.5
2016-01-29 CVE-2015-8770 Path Traversal vulnerability in Roundcube Webmail
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a ..
network
high complexity
roundcube CWE-22
7.5
2016-01-19 CVE-2015-6833 Path Traversal vulnerability in PHP
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a ..
network
low complexity
php CWE-22
7.5
2016-01-18 CVE-2015-4988 Path Traversal vulnerability in IBM Tealeaf Customer Experience
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-22
8.6
2016-01-15 CVE-2016-0855 Path Traversal vulnerability in Advantech Webaccess
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
network
low complexity
advantech CWE-22
7.5