Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-07 | CVE-2017-10974 | Path Traversal vulnerability in Yaws 1.91 Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. | 7.5 |
| 2017-07-04 | CVE-2017-6704 | Path Traversal vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. | 6.5 |
| 2017-06-27 | CVE-2015-7780 | Path Traversal vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6 Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | 6.5 |
| 2017-06-24 | CVE-2017-9846 | Path Traversal vulnerability in Magicwinmail Winmail Server 6.1 Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | 8.8 |
| 2017-06-24 | CVE-2017-9833 | Path Traversal vulnerability in BOA 0.94.14.21 /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. | 7.5 |
| 2017-06-23 | CVE-2017-9829 | Path Traversal vulnerability in Vivotek products '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. | 7.5 |
| 2017-06-21 | CVE-2017-2829 | Path Traversal vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. | 6.5 |
| 2017-06-16 | CVE-2017-9097 | Path Traversal vulnerability in Hoytech Antiweb In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | 9.1 |
| 2017-06-09 | CVE-2016-7826 | Path Traversal vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8 Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | 6.5 |
| 2017-06-09 | CVE-2016-7825 | Path Traversal vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8 Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | 6.5 |