Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-07 | CVE-2017-6758 | Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6) A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. | 6.5 |
| 2017-08-06 | CVE-2017-12586 | Path Traversal vulnerability in Slims Akasia SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. | 6.5 |
| 2017-08-04 | CVE-2017-10949 | Path Traversal vulnerability in Dell Storage Manager 2016 R2.1 Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. | 7.5 |
| 2017-08-03 | CVE-2017-7442 | Path Traversal vulnerability in Gonitro Nitro PRO 11.0.3.173 Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | 8.8 |
| 2017-08-02 | CVE-2017-11389 | Path Traversal vulnerability in Trendmicro Control Manager 6.0 Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. | 9.8 |
| 2017-07-29 | CVE-2017-11723 | Path Traversal vulnerability in Xinha 0.96 Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | 7.5 |
| 2017-07-26 | CVE-2017-11658 | Path Traversal vulnerability in Wp-Rocket In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | 7.5 |
| 2017-07-26 | CVE-2017-11630 | Path Traversal vulnerability in Fiyo CMS 2.0.7 dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | 7.5 |
| 2017-07-25 | CVE-2017-8033 | Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. | 7.8 |
| 2017-07-25 | CVE-2015-1847 | Path Traversal vulnerability in Appserver Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. | 7.5 |