Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-24 | CVE-2016-10037 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | 7.3 |
| 2016-12-17 | CVE-2016-9950 | Path Traversal vulnerability in multiple products An issue was discovered in Apport before 2.20.4. | 7.8 |
| 2016-12-16 | CVE-2016-8827 | Path Traversal vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | 6.5 |
| 2016-12-14 | CVE-2016-9210 | Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. | 7.5 |
| 2016-12-14 | CVE-2016-9208 | Path Traversal vulnerability in Cisco Emergency Responder 11.5(2.10000.5) A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. | 6.5 |
| 2016-12-14 | CVE-2016-9199 | Path Traversal vulnerability in Cisco IOX 1.1.0 A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. | 6.5 |
| 2016-12-11 | CVE-2016-6614 | Path Traversal vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. | 6.8 |
| 2016-12-10 | CVE-2016-7116 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. | 6.0 |
| 2016-12-09 | CVE-2016-6321 | Path Traversal vulnerability in GNU TAR Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | 7.5 |
| 2016-11-30 | CVE-2016-2933 | Path Traversal vulnerability in IBM Bigfix Remote Control 9.1.2 Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | 6.8 |