Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
2017-08-21 | CVE-2017-7424 | Path Traversal vulnerability in Microfocus Enterprise Developer and Enterprise Server: A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. | 6.5 |
2017-08-18 | CVE-2017-12943 | Path Traversal vulnerability in Dlink Dir-600 B1 Firmware 2.01: D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | 9.8 |
2017-08-18 | CVE-2017-10665 | Path Traversal vulnerability in PHPgrid: Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. | 7.8 |
2017-08-18 | CVE-2017-12938 | Path Traversal vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6: UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . | 7.5 |
2017-08-11 | CVE-2017-7675 | Path Traversal vulnerability in Apache Tomcat: The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. | 7.5 |
2017-08-09 | CVE-2015-0781 | Path Traversal vulnerability in Novell Zenworks Configuration Management: Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | 9.8 |
2017-08-08 | CVE-2017-11152 | Path Traversal vulnerability in Synology Photo Station: Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | 7.5 |
2017-08-07 | CVE-2017-12637 | Path Traversal vulnerability in SAP Netweaver Application Server Java 7.50: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. | 7.5 |
2017-08-07 | CVE-2011-5325 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | 7.5 |