Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-08 | CVE-2015-8798 | Path Traversal vulnerability in Broadcom products Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 8.0 |
| 2016-06-05 | CVE-2016-1212 | Path Traversal vulnerability in Futomi MP Form Mail CGI 3.2.3 Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | 2.7 |
| 2016-05-22 | CVE-2014-9767 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. | 4.3 |
| 2016-05-14 | CVE-2016-1671 | Path Traversal vulnerability in Google Chrome Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. | 8.1 |
| 2016-04-22 | CVE-2016-1593 | Path Traversal vulnerability in Novell Service Desk 7.1 Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. | 7.2 |
| 2016-04-18 | CVE-2016-3972 | Path Traversal vulnerability in Dotcms Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. | 2.7 |
| 2016-04-12 | CVE-2016-4004 | Path Traversal vulnerability in Dell Openmanage Server Administrator 8.2 Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. | 4.9 |
| 2016-04-11 | CVE-2015-5313 | Path Traversal vulnerability in Redhat Libvirt Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. | 2.5 |
| 2016-04-11 | CVE-2016-0784 | Path Traversal vulnerability in Apache Openmeetings Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. | 6.5 |
| 2016-04-11 | CVE-2016-0709 | Path Traversal vulnerability in Apache Jetspeed Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. | 7.2 |