Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2017-8033 Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268.
local
low complexity
cloudfoundry CWE-22
7.8
2017-07-25 CVE-2015-1847 Path Traversal vulnerability in Appserver
Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a ..
network
low complexity
appserver CWE-22
7.5
2017-07-24 CVE-2017-11589 Path Traversal vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd.
network
low complexity
cisco CWE-22
critical
9.8
2017-07-24 CVE-2017-11587 Path Traversal vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.
network
low complexity
cisco CWE-22
7.5
2017-07-22 CVE-2016-10400 Path Traversal vulnerability in Atutor
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php.
network
low complexity
atutor CWE-22
7.5
2017-07-21 CVE-2017-10993 Path Traversal vulnerability in Contao CMS
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
network
low complexity
contao CWE-22
8.8
2017-07-20 CVE-2017-11500 Path Traversal vulnerability in Metinfo 5.3.17
A directory traversal vulnerability exists in MetInfo 5.3.17.
network
low complexity
metinfo CWE-22
7.5
2017-07-20 CVE-2017-11469 Path Traversal vulnerability in Idera Uptime Infrastructure Monitor 7.8
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
network
low complexity
idera CWE-22
7.5
2017-07-19 CVE-2017-11456 Path Traversal vulnerability in Geneko products
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
network
low complexity
geneko CWE-22
7.5
2017-07-19 CVE-2017-11440 Path Traversal vulnerability in Sitecore CMS 8.2
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
network
low complexity
sitecore CWE-22
4.9