Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-11 | CVE-2015-5313 | Path Traversal vulnerability in Redhat Libvirt Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. | 2.5 |
| 2016-04-11 | CVE-2016-0784 | Path Traversal vulnerability in Apache Openmeetings Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. | 6.5 |
| 2016-04-11 | CVE-2016-0709 | Path Traversal vulnerability in Apache Jetspeed Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. | 7.2 |
| 2016-04-07 | CVE-2016-3976 | Path Traversal vulnerability in SAP Netweaver Application Server Java Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | 7.5 |
| 2016-04-07 | CVE-2016-2097 | Path Traversal vulnerability in Rubyonrails Ruby on Rails Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. | 5.3 |
| 2016-04-01 | CVE-2016-2289 | Path Traversal vulnerability in Iconics Webhmi 9.0 Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. | 7.5 |
| 2016-02-25 | CVE-2015-5345 | Path Traversal vulnerability in multiple products The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | 5.3 |
| 2016-02-25 | CVE-2015-5174 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. | 4.3 |
| 2016-02-23 | CVE-2013-7448 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get. | 7.5 |
| 2016-02-16 | CVE-2016-2389 | Path Traversal vulnerability in SAP Netweaver 7.40 Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. | 7.5 |