Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-04 | CVE-2014-5446 | Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. | 5.0 |
| 2014-12-04 | CVE-2014-5445 | Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | 5.0 |
| 2014-12-03 | CVE-2014-9238 | Path Traversal vulnerability in D-Link Dcs-2103 HD Cube Network Camera Firmware 1.0.0 D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | 5.0 |
| 2014-12-03 | CVE-2014-9234 | Path Traversal vulnerability in D-Link Dcs-2103 HD Cube Network Camera Firmware 1.0.0 Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-12-02 | CVE-2014-9181 | Path Traversal vulnerability in Plex Media Server 0.9.9.2 Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-12-01 | CVE-2014-9155 | Path Traversal vulnerability in Avatar Uploader Project Avatar Uploader Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2014-12-01 | CVE-2014-7816 | Path Traversal vulnerability in Redhat Undertow Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-11-30 | CVE-2014-8961 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | 4.0 |
| 2014-11-30 | CVE-2014-8959 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. | 6.5 |
| 2014-11-28 | CVE-2014-8801 | Path Traversal vulnerability in Strangerstudios Paid Memberships PRO Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |