Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-05 | CVE-2014-8084 | Path Traversal vulnerability in Osclass Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2015-01-02 | CVE-2014-9461 | Path Traversal vulnerability in Reality66 Cart66 Lite 1.5.1.17/1.5.3 Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. | 3.5 |
| 2015-01-02 | CVE-2014-9452 | Path Traversal vulnerability in Vdgsecurity VDG Sense 2.3.13 Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2015-01-02 | CVE-2014-9447 | Path Traversal vulnerability in Elfutils Project Elfutils 0.152/0.161 Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | 6.4 |
| 2015-01-02 | CVE-2014-9436 | Path Traversal vulnerability in Sysaid 14.4/6.0/6.5 Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | 5.0 |
| 2015-01-01 | CVE-2011-5310 | Path Traversal vulnerability in Cherry-Design Wikipad 1.6.0 Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-12-31 | CVE-2014-9119 | Path Traversal vulnerability in DB Backup Project DB Backup 4.5 Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-12-30 | CVE-2013-3295 | Path Traversal vulnerability in Exponentcms Exponent CMS Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2014-12-28 | CVE-2011-4722 | Path Traversal vulnerability in Ipswitch Tftp Server 1.0.0.24 Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. | 7.8 |
| 2014-12-25 | CVE-2014-2217 | Path Traversal vulnerability in Telerik UI FOR Asp.Net Ajax Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. | 7.5 |