Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK

2015-06-08 CVE-2015-2996 Path Traversal vulnerability in Sysaid
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a ..
network, low complexity, sysaid, CWE-22
Risk: 8.5

2015-06-08 CVE-2015-2995 Path Traversal vulnerability in Sysaid
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
network, sysaid, CWE-22
Risk: 6.8

2015-06-07 CVE-2010-5324 Path Traversal vulnerability in Novell Zenworks Configuration Management 10.0/10.1/10.2
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.
network, low complexity, novell, CWE-22
Risk: critical 10.0

2015-06-07 CVE-2010-5323 Path Traversal vulnerability in Novell Zenworks Configuration Management 10.0/10.1/10.2
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
network, low complexity, novell, CWE-22
Risk: critical 10.0

2015-06-07 CVE-2014-6222 Path Traversal vulnerability in IBM Marketing Operations
Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a ..
network, low complexity, ibm, CWE-22
Risk: 4.0

2015-06-05 CVE-2015-2950 Path Traversal vulnerability in Open Explorer Beta Project Open Explorer Beta 0.253
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename.
network, low complexity, open-explorer-beta-project, CWE-22
Risk: 6.4

2015-05-31 CVE-2015-3939 Path Traversal vulnerability in IDS Nc854 and Nc856
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.
network, low complexity, ids, CWE-22
Risk: 6.8

2015-05-29 CVE-2015-4068 Path Traversal vulnerability in Arcserve Unified Data Protection
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
network, low complexity, arcserve, CWE-22
Risk: critical 9.4

2015-05-29 CVE-2015-4031 Path Traversal vulnerability in Visualmining Netcharts Server
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.
network, low complexity, visualmining, CWE-22
Risk: critical 10.0

2015-05-28 CVE-2015-1550 Path Traversal vulnerability in Arubanetworks Clearpass Policy Manager
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.
network, low complexity, arubanetworks, CWE-22
Risk: critical 9.0