Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-06 | CVE-2010-4399 | Path Traversal vulnerability in Dynpg 4.1.1/4.2.0 Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2010-12-02 | CVE-2010-4282 | Path Traversal vulnerability in Artica Pandora FMS Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. | 7.5 |
2010-12-02 | CVE-2010-4369 | Path Traversal vulnerability in Awstats Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. | 6.4 |
2010-11-26 | CVE-2010-3910 | Path Traversal vulnerability in Vtiger CRM Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2010-11-17 | CVE-2010-4107 | Path Traversal vulnerability in HP products The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | 7.8 |
2010-11-17 | CVE-2010-4231 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. | 7.8 |
2010-11-15 | CVE-2010-1829 | Path Traversal vulnerability in Apple mac OS X and mac OS X Server Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. | 6.0 |
2010-11-09 | CVE-2010-3867 | Path Traversal vulnerability in Proftpd Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | 7.1 |
2010-11-05 | CVE-2010-3863 | Path Traversal vulnerability in multiple products Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | 5.0 |
2010-11-04 | CVE-2010-4181 | Path Traversal vulnerability in Yaws 1.89 Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences. | 5.0 |