CVE-2017-1000062 CVSS:5.0
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000047 CVSS:7.5
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of the Ruby version, resulting in arbitrary code execution (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000028 CVSS:5.0
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal, which can be exploited by issuing a specially crafted HTTP GET request. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000026 CVSS:5.0
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000002 CVSS:0.0
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. (Last Update:2017-07-18) (Publish Update:2017-07-17)
CVE-2017-11500 CVSS:0.0
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. (Last Update:2017-07-20) (Publish Update:2017-07-20)
CVE-2017-11469 CVSS:0.0
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. (Last Update:2017-07-20) (Publish Update:2017-07-20)
CVE-2017-11466 CVSS:0.0
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11456 CVSS:0.0
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11440 CVSS:4.0
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. (Last Update:2017-07-21) (Publish Update:2017-07-19)
