Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-08 | CVE-2014-2933 | Path Traversal vulnerability in Caldera 9.20 Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. | 5.0 |
2014-05-02 | CVE-2014-1442 | Path Traversal vulnerability in Coreftp Core FTP 1.2 Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | 4.0 |
2014-04-30 | CVE-2013-1806 | Path Traversal vulnerability in PHP-Fusion Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. | 6.5 |
2014-04-30 | CVE-2014-0471 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." | 5.0 |
2014-04-29 | CVE-2014-1843 | Path Traversal vulnerability in Southrivertech Titan FTP Server Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. | 5.0 |
2014-04-29 | CVE-2014-1842 | Path Traversal vulnerability in Southrivertech Titan FTP Server Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. | 5.0 |
2014-04-29 | CVE-2014-1841 | Path Traversal vulnerability in Southrivertech Titan FTP Server Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. | 5.0 |
2014-04-28 | CVE-2014-2846 | Path Traversal vulnerability in Westerndigital Arkeia Virtual Appliance Firmware 10.2.7 Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | 7.5 |
2014-04-25 | CVE-2014-0780 | Path Traversal vulnerability in Indusoft web Studio 7.1 Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. | 7.5 |
2014-04-23 | CVE-2014-2976 | Path Traversal vulnerability in Sixnet Sixview Manager 2.4.1 Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. | 5.0 |