Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-27 | CVE-2014-0820 | Path Traversal vulnerability in Cybozu Garoon Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2014-02-24 | CVE-2013-6652 | Path Traversal vulnerability in Google Chrome Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. | 7.5 |
2014-02-20 | CVE-2013-4420 | Path Traversal vulnerability in Feep Libtar Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. | 5.8 |
2014-02-08 | CVE-2013-1904 | Path Traversal vulnerability in Roundcube Webmail Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013. | 5.0 |
2014-02-07 | CVE-2014-1698 | Path Traversal vulnerability in Siemens Simatic Wincc Open Architecture Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | 5.0 |
2014-02-05 | CVE-2014-1833 | Path Traversal vulnerability in Devscripts Devel Team Devscripts 2.14.1 Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | 5.0 |
2014-02-04 | CVE-2011-2725 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. | 6.8 |
2014-02-02 | CVE-2013-7300 | Path Traversal vulnerability in Craig Drummond Cantata Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. | 5.0 |
2014-02-01 | CVE-2014-0830 | Path Traversal vulnerability in IBM Financial Transaction Manager Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | 4.0 |
2014-01-28 | CVE-2012-5192 | Path Traversal vulnerability in Bitweaver Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter. | 5.0 |