Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-04-02 | CVE-2012-0246 | Path Traversal vulnerability in Ecava Integraxor Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. | 9.3 |
2012-03-27 | CVE-2012-1918 | Path Traversal vulnerability in Atmail Open Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. | 5.0 |
2012-03-27 | CVE-2012-1917 | Path Traversal vulnerability in Atmail Open compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence. | 5.0 |
2012-03-23 | CVE-2012-1089 | Path Traversal vulnerability in Apache Wicket Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package. | 5.0 |
2012-03-22 | CVE-2012-1841 | Path Traversal vulnerability in multiple products Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. | 5.0 |
2012-03-22 | CVE-2012-1839 | Path Traversal vulnerability in Ajaxplorer Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2012-03-20 | CVE-2012-0403 | Path Traversal vulnerability in RSA Envision 4.0/4.1 Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | 6.3 |
2012-03-19 | CVE-2012-1790 | Path Traversal vulnerability in Webgrind Project Webgrind 1.0 Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. | 5.0 |
2012-03-19 | CVE-2010-5086 | Path Traversal vulnerability in Bitweaver 2.7/2.8.1 Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2012-03-19 | CVE-2009-5114 | Path Traversal vulnerability in Iwork Webglimpse Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |