Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-11-23 | CVE-2012-6607 | Path Traversal vulnerability in Augeas The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. | 3.3 |
2013-11-21 | CVE-2013-6177 | Path Traversal vulnerability in EMC Document Sciences Xpression 4.1/4.2/4.5 Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access. | 3.5 |
2013-11-20 | CVE-2013-6827 | Path Traversal vulnerability in Pineapp Mail-Secure Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. | 5.0 |
2013-11-20 | CVE-2013-6821 | Path Traversal vulnerability in SAP Netweaver Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2013-11-18 | CVE-2013-6688 | Path Traversal vulnerability in Cisco Unified Communications Manager Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. | 6.3 |
2013-11-18 | CVE-2013-4510 | Path Traversal vulnerability in Tryton 3.0.0 Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report. | 7.8 |
2013-11-08 | CVE-2013-5554 | Path Traversal vulnerability in Cisco Wide Area Application Services Mobile Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773. | 7.5 |
2013-11-06 | CVE-2013-3626 | Path Traversal vulnerability in Attachmate Verastream Host Integrator Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message. | 9.3 |
2013-11-05 | CVE-2013-5688 | Path Traversal vulnerability in Ajaxplorer Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action. | 5.5 |
2013-11-02 | CVE-2013-6023 | Path Traversal vulnerability in TVT DVR and DVR Firmware Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. | 7.8 |