Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-12 | CVE-2014-8555 | Path Traversal vulnerability in Progress Openedge 11.2: Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-11-08 | CVE-2014-7818 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | 4.3 |
2014-11-06 | CVE-2014-5258 | Path Traversal vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8.0: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. | 4.0 |
2014-11-06 | CVE-2014-8659 | Path Traversal vulnerability in SAP Environment Health and Safety: Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2014-10-31 | CVE-2014-7985 | Path Traversal vulnerability in Espocrm: Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2014-10-30 | CVE-2013-3304 | Path Traversal vulnerability in Dell Equallogic Ps4000 Firmware 6.0: Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-10-29 | CVE-2014-6149 | Path Traversal vulnerability in IBM Tivoli Application Dependency Discovery Manager: Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | 5.0 |
2014-10-29 | CVE-2014-4877 | Path Traversal vulnerability in GNU Wget: Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | 9.3 |
2014-10-29 | CVE-2014-3697 | Path Traversal vulnerability in Pidgin: Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. | 6.4 |
2014-10-26 | CVE-2014-6037 | Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0: Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. | 7.5 |