Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-30 | CVE-2014-8961 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | 4.0 |
2014-11-30 | CVE-2014-8959 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | 6.5 |
2014-11-28 | CVE-2014-8801 | Path Traversal vulnerability in Strangerstudios Paid Memberships PRO Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-11-28 | CVE-2014-8799 | Path Traversal vulnerability in Dukapress Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-11-20 | CVE-2014-3625 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. | 5.0 |
2014-11-18 | CVE-2014-7829 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | 5.0 |
2014-11-18 | CVE-2014-6095 | Path Traversal vulnerability in IBM Security Identity Manager Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2014-11-17 | CVE-2012-6665 | Path Traversal vulnerability in PHPmoneybooks 1.0.4 Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. | 4.3 |
2014-11-17 | CVE-2012-1669 | Path Traversal vulnerability in PHPmoneybooks 1.0.2 Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. | 4.3 |
2014-11-17 | CVE-2014-8727 | Path Traversal vulnerability in F5 Big-Ip Local Traffic Manager Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. | 6.2 |