Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-10-21 | CVE-2014-4577 | Path Traversal vulnerability in Websupporter WP Amasin - the Amazon Affiliate Shop 0.9.6 | Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. | 5.0 |
2014-10-21 | CVE-2012-5242 | Path Traversal vulnerability in Bananadance Banana Dance 0.9/1.5 | Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2014-10-20 | CVE-2014-6308 | Path Traversal vulnerability in Osclass | Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-10-17 | CVE-2014-2279 | Path Traversal vulnerability in Seeddms | Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. | 6.4 |
2014-10-08 | CVE-2014-6394 | Path Traversal vulnerability in multiple products | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | 7.5 |
2014-10-03 | CVE-2014-0754 | Path Traversal vulnerability in Schneider-Electric products | Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. | 10.0 |
2014-09-26 | CVE-2014-5319 | Path Traversal vulnerability in S-Link Slfilemanager | Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. | 6.4 |
2014-09-18 | CVE-2014-4384 | Path Traversal vulnerability in Apple Iphone OS | Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | 1.9 |
2014-09-11 | CVE-2014-5393 | Path Traversal vulnerability in SOS Jobscheduler | Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | 4.0 |
2014-09-03 | CVE-2014-5465 | Path Traversal vulnerability in Werdswords Download Shortcode | Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |