Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2006-11-10 | CVE-2006-5846 | Path Traversal vulnerability in Freewebshop | Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. | network | low complexity | freewebshop | CWE-22 | 6.4 |
| 2006-10-05 | CVE-2006-5149 | Path Traversal vulnerability in Openbiblio | Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. | network | low complexity | openbiblio | CWE-22 | 7.5 |
| 2006-09-27 | CVE-2006-5031 | Path Traversal vulnerability in Cakefoundation Cakephp | Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. | network | low complexity | cakefoundation | CWE-22 | 5.0 |
| 2006-08-07 | CVE-2006-4013 | Path Traversal vulnerability in Symantec Brightmail Antispam | Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | network | high complexity | symantec | CWE-22 | 7.6 |
| 2006-07-31 | CVE-2006-3934 | Path Traversal vulnerability in Alkacon Opencms | Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. | network | low complexity | alkacon | CWE-22 | 4.0 |
| 2006-06-02 | CVE-2006-2758 | Path Traversal vulnerability in Jetty 6.0 | Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. | network | low complexity | jetty | CWE-22 | 5.0 |
| 2006-05-22 | CVE-2006-2516 | Path Traversal vulnerability in Xoops | mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | network | high complexity | xoops | CWE-22 | 5.1 |
| 2006-05-12 | CVE-2006-2337 | Path Traversal vulnerability in D-Link Dsl-G604T | Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | network | low complexity | d-link | CWE-22 | 5.0 |
| 2006-04-12 | CVE-2006-1746 | Path Traversal vulnerability in Tincan PHPlist | Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | network | low complexity | tincan | CWE-22 | 5.0 |
| 2006-03-13 | CVE-2006-0950 | Path Traversal vulnerability in Unalz 0.53 | unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | network | high complexity | unalz | CWE-22 | 2.6 |