Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2007-07-27 CVE-2007-4031 Path Traversal vulnerability in Nessus Vulnerability Scanner 3.0.6
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a ..
network | nessus | CWE-22 | 7.8

2007-07-26 CVE-2007-4008 Path Traversal vulnerability in Entertainment CMS Entertainment CMS
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a ..
network, low complexity | entertainment-cms | CWE-22 | 7.5

2007-07-25 CVE-2007-3967 Path Traversal vulnerability in Dirlist PHP 0.1.1
Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a ..
network, low complexity | dirlist | CWE-22 | 5.0

2007-07-21 CVE-2007-3936 Path Traversal vulnerability in A-Shop
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.
network, low complexity | a-shop | CWE-22 | 6.4

2007-07-02 CVE-2007-2836 Path Traversal vulnerability in Hiki
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
network, low complexity | hiki | CWE-22 | 6.4

2007-06-30 CVE-2007-3504 Path Traversal vulnerability in Sun JDK, JRE and SDK
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself.
network | microsoft sun | CWE-22 | critical 9.3

2007-06-29 CVE-2007-3487 Path Traversal vulnerability in HP Photo Digital Imaging ActiveX Control 2.0.0.133
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
network, low complexity | hp | CWE-22 | 6.4

2007-06-06 CVE-2007-3072 Path Traversal vulnerability in Mozilla Firefox
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
network | mozilla | CWE-22 | 7.1

2007-03-30 CVE-2007-1773 Path Traversal vulnerability in Unverse.Net aBitWhizzy
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a ..
network, high complexity | unverse-net | CWE-22 | 2.6

2007-03-06 CVE-2006-7117 Path Traversal vulnerability in Kubix
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
network | kubix | CWE-22 | 6.8