Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2010-12-06 CVE-2010-4399 Path Traversal vulnerability in Dynpg 4.1.1/4.2.0
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..
network
dynpg CWE-22
4.3
2010-12-02 CVE-2010-4282 Path Traversal vulnerability in Artica Pandora FMS
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
network
low complexity
artica CWE-22
7.5
2010-12-02 CVE-2010-4369 Path Traversal vulnerability in Awstats
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
network
low complexity
awstats CWE-22
6.4
2010-11-26 CVE-2010-3910 Path Traversal vulnerability in Vtiger CRM
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a ..
network
vtiger CWE-22
6.8
2010-11-17 CVE-2010-4107 Path Traversal vulnerability in HP products
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
network
low complexity
hp CWE-22
7.8
2010-11-17 CVE-2010-4231 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a ..
network
low complexity
camtron tecvoz CWE-22
7.8
2010-11-15 CVE-2010-1829 Path Traversal vulnerability in Apple mac OS X and mac OS X Server
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.
network
apple CWE-22
6.0
2010-11-09 CVE-2010-3867 Path Traversal vulnerability in Proftpd
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
network
high complexity
proftpd CWE-22
7.1
2010-11-05 CVE-2010-3863 Path Traversal vulnerability in multiple products
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
network
low complexity
apache jsecurity CWE-22
5.0
2010-11-04 CVE-2010-4181 Path Traversal vulnerability in Yaws 1.89
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
network
low complexity
yaws CWE-22
5.0