CVE Daily
← All tags

Tag: Path Traversal

All CVEs associated with "Path Traversal". Page 53/72 • 8591 CVEs.

Subscribe CVEs: RSS for “Path Traversal”  ·  RSS (High+Critical only)

About “Path Traversal”

A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2011-12-05
Medium

CVE-2011-4675

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2011-4543

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) O…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-1932

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used f…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-12-02
Medium

CVE-2011-4036

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arb…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-12-01
High

CVE-2011-4001

Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-11-19
Medium

CVE-2011-4404

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo…

CVSS: 5.0 CWE: CWE-16 View on NVD
2011-11-17
Medium

CVE-2011-4122

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name arg…

CVSS: 6.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-11-10
Medium

CVE-2011-4431

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-11-04
Low

CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote serve…

CVSS: 3.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-27
High

CVE-2011-3315

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-14
Medium

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-09
Critical

CVE-2010-4931

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issu…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-06
High

CVE-2011-3305

Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-05
High

CVE-2010-4867

Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parame…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4858

Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-10-04
Medium

CVE-2011-1572

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defi…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-09-21
Medium

CVE-2011-3357

Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parame…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-09-16
Medium

CVE-2011-3500

Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2011-3495

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF,…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-3487

Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-09-14
Medium

CVE-2010-4835

Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller pa…

CVSS: 4.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-09-12
Medium

CVE-2009-5093

Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2009-5089

Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2009-5087

Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-09-06
Medium

CVE-2011-1359

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to r…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-08-31
Medium

CVE-2011-2524

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-08-01
Medium

CVE-2011-2718

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files v…

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-2643

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via direct…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-07-19
Medium

CVE-2011-2780

Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability t…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-2744

Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the defa…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-07-17
Medium

CVE-2011-2757

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME paramete…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-2755

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-07-14
Medium

CVE-2011-2508

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote aut…

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-06-24
Medium

CVE-2011-0203

Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the sta…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-06-16
Medium

CVE-2011-2202

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute pa…

CVSS: 6.4 CWE: CWE-264 View on NVD
2011-06-09
Medium

CVE-2011-2474

Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-2472

Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --ses…

CVSS: 6.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-2468

Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-24
Medium

CVE-2011-2167

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a scrip…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-1595

Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-20
Medium

CVE-2011-0966

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-09
Medium

CVE-2011-0426

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbit…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-07
High

CVE-2011-1736

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory…

CVSS: 8.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-05
Medium

CVE-2011-1902

Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-04
Critical

CVE-2011-1900

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-05-03
Medium

CVE-2011-1607

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) al…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-29
Medium

CVE-2011-1589

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-27
Medium

CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitr…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4801

Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4798

Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4790

Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: so…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-22
Medium

CVE-2011-1688

Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-18
Medium

CVE-2011-1715

Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remo…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2010-4229

Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allow…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2011-1654

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute ar…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-10
Medium

CVE-2011-1669

Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the u…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-05
Critical

CVE-2011-1566

Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot do…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2011-1565

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) c…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-23
High

CVE-2010-4769

Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-16
High

CVE-2011-0751

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-15
Medium

CVE-2011-0063

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in th…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-11
Medium

CVE-2010-4651

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-09
Medium

CVE-2011-1099

Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-08
Low

CVE-2011-0345

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP G…

CVSS: 3.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-03-04
Low

CVE-2011-1074

crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal…

CVSS: 1.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2011-02-23
Medium

CVE-2011-0725

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-21
Medium

CVE-2011-0329

Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-15
Medium

CVE-2010-4731

Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4730

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB10…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-14
High

CVE-2011-0698

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-10
Low

CVE-2010-3718

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write…

CVSS: 1.2 CWE: N/A View on NVD
2011-02-07
Medium

CVE-2011-0903

Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-04
High

CVE-2011-0537

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly No…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-0049

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the h…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-02
Medium

CVE-2010-3930

Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-01
High

CVE-2010-4719

Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller paramet…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-31
Medium

CVE-2010-4715

Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via u…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-28
Critical

CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filte…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-20
Medium

CVE-2011-0518

Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system…

CVSS: 5.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-0506

Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] p…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-0505

Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local…

CVSS: 5.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2011-0497

Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary fil…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-19
Medium

CVE-2011-0494

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, a…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-11
Medium

CVE-2011-0405

Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory trave…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a s…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-03
Medium

CVE-2010-4350

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type param…

CVSS: 5.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-12-30
Medium

CVE-2010-4634

Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE:…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4622

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (e…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-12-29
Medium

CVE-2010-4617

Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section paramet…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2010-4613

Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) a…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-12-23
Medium

CVE-2010-4598

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-12-07
Medium

CVE-2010-4330

Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-12-06
Medium

CVE-2010-4406

Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files vi…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4399

Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_D…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-12-02
High

CVE-2010-4282

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id param…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4369

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-26
Medium

CVE-2010-3910

Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-17
High

CVE-2010-4107

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-4270

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files vi…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2010-4231

Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote at…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-15
Medium

CVE-2010-1829

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bo…

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-09
High

CVE-2010-3867

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modi…

CVSS: 7.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-04
Medium

CVE-2010-4181

Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-03
Critical

CVE-2010-4154

Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2010-4153

Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-11-02
Critical

CVE-2010-4149

Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2010-4148

Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-10-28
Medium

CVE-2010-3842

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backs…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-10-26
Critical

CVE-2010-4095

Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-10-19
Medium

CVE-2008-7262

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2007-6736

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2)…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-10-08
Medium

CVE-2010-3743

Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2010-2797

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defau…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-10-07
Medium

CVE-2010-3692

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directo…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-09-29
High

CVE-2010-3688

Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the ln…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-3468

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-09-28
Medium

CVE-2010-3490

Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to c…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-09-24
Medium

CVE-2010-3606

Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory travers…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD