Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-10 | CVE-2016-7116 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. | 6.0 |
| 2016-12-09 | CVE-2016-6321 | Path Traversal vulnerability in GNU TAR Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | 7.5 |
| 2016-11-30 | CVE-2016-2933 | Path Traversal vulnerability in IBM Bigfix Remote Control 9.1.2 Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | 6.8 |
| 2016-11-04 | CVE-2016-9177 | Path Traversal vulnerability in Sparkjava Spark Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2016-10-06 | CVE-2016-1000112 | Path Traversal vulnerability in Contussupport Contus-Video-Comments 1.0 Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | 9.4 |
| 2016-10-06 | CVE-2015-1000006 | Path Traversal vulnerability in Recent-Backups Project Recent-Backups 0.7 Remote file download vulnerability in recent-backups v0.7 wordpress plugin | 5.0 |
| 2016-10-06 | CVE-2015-1000005 | Path Traversal vulnerability in Candidate-Application-Form Project Candidate-Application-Form 1.0 Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | 5.0 |
| 2016-10-06 | CVE-2016-6023 | Path Traversal vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | 5.0 |
| 2016-10-05 | CVE-2016-8343 | Path Traversal vulnerability in Indasengineering web Scada Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2016-10-03 | CVE-2016-8280 | Path Traversal vulnerability in Huawei Esight V300R002C00/V300R003C10/V300R003C20 Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |