Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-06 | CVE-2015-2166 | Path Traversal vulnerability in Ericsson Drutt Mobile Service Delivery Platform 4.0/5.0/6.0 Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | 5.0 |
| 2015-04-03 | CVE-2015-0666 | Path Traversal vulnerability in Cisco Prime Data Center Network Manager Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 7.8 |
| 2015-03-31 | CVE-2015-0984 | Path Traversal vulnerability in Honeywell products Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | 10.0 |
| 2015-03-23 | CVE-2014-9261 | Path Traversal vulnerability in Codologic Codoforum 2.5.1 The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2015-03-17 | CVE-2015-0665 | Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | 6.6 |
| 2015-03-09 | CVE-2015-2243 | Path Traversal vulnerability in Webshophun Webshop HUN 1.062S Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | 7.5 |
| 2015-03-04 | CVE-2015-0933 | Path Traversal vulnerability in Sharelatex 0.1.2 Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | 3.5 |
| 2015-02-24 | CVE-2014-9282 | Path Traversal vulnerability in Speed Software Explorer and Root Explorer Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename. | 5.0 |
| 2015-02-24 | CVE-2015-2071 | Path Traversal vulnerability in Etouch Samepage 4.4.0.0.239 Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2015-02-24 | CVE-2015-2067 | Path Traversal vulnerability in Magmi Project Magmi Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. | 5.0 |