Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK

2014-11-12 CVE-2014-8555 Path Traversal vulnerability in Progress Openedge 11.2
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a ..
Tags: network, low complexity, progress, CWE-22
Risk: 5.0

2014-11-08 CVE-2014-7818 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
Risk: 4.3

2014-11-06 CVE-2014-5258 Path Traversal vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8.0
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a ..
Tags: network, low complexity, webedition, CWE-22
Risk: 4.0

2014-11-06 CVE-2014-8659 Path Traversal vulnerability in SAP Environment Health and Safety
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
Tags: network, low complexity, sap, CWE-22
Risk: 5.0

2014-10-31 CVE-2014-7985 Path Traversal vulnerability in Espocrm
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a ..
Tags: network, low complexity, espocrm, CWE-22
Risk: critical 10.0

2014-10-30 CVE-2013-3304 Path Traversal vulnerability in Dell Equallogic Ps4000 Firmware 6.0
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a ..
Tags: network, low complexity, dell, CWE-22
Risk: 5.0

2014-10-29 CVE-2014-6149 Path Traversal vulnerability in IBM Tivoli Application Dependency Discovery Manager
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
Tags: network, low complexity, ibm, CWE-22
Risk: 5.0

2014-10-29 CVE-2014-4877 Path Traversal vulnerability in GNU Wget
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Tags: network, gnu, CWE-22
Risk: critical 9.3

2014-10-29 CVE-2014-3697 Path Traversal vulnerability in Pidgin
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
Tags: network, low complexity, pidgin, CWE-22
Risk: 6.4

2014-10-26 CVE-2014-6037 Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with ..
Tags: network, low complexity, zohocorp, CWE-22
Risk: 7.5