Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-29 | CVE-2015-8770 | Path Traversal vulnerability in Roundcube Webmail Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. | 7.5 |
| 2016-01-19 | CVE-2015-6833 | Path Traversal vulnerability in PHP Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. | 7.5 |
| 2016-01-18 | CVE-2015-4988 | Path Traversal vulnerability in IBM Tealeaf Customer Experience Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors. | 8.6 |
| 2016-01-15 | CVE-2016-0855 | Path Traversal vulnerability in Advantech Webaccess Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | 7.5 |
| 2016-01-12 | CVE-2016-1231 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. | 5.9 |
| 2016-01-12 | CVE-2015-5471 | Path Traversal vulnerability in Swim Team Project Swim Team 1.44.10777 Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | 5.3 |
| 2016-01-12 | CVE-2015-4703 | Path Traversal vulnerability in Rename Project Rename 1.0 Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. | 5.3 |
| 2016-01-08 | CVE-2015-4694 | Path Traversal vulnerability in ZIP Attachments Project ZIP Attachments 1.5 Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. | 8.6 |
| 2016-01-03 | CVE-2015-2007 | Path Traversal vulnerability in IBM Qradar Security Information and Event Manager Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. | 5.0 |
| 2015-12-31 | CVE-2015-2875 | Path Traversal vulnerability in multiple products Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. | 7.5 |