CVE-2017-1000062 CVSS:5.0
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000047 CVSS:7.5
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000028 CVSS:5.0
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000026 CVSS:5.0
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000002 CVSS:7.5
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. (Last Update:2017-07-27) (Publish Update:2017-07-17)
CVE-2017-14514 CVSS:0.0
Directory Traversal on Tenda W15E devices before allows remote attackers to read unencrypted files via a crafted URL. (Last Update:2017-09-17) (Publish Update:2017-09-17)
CVE-2017-14513 CVSS:0.0
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. (Last Update:2017-09-17) (Publish Update:2017-09-17)
CVE-2017-14120 CVSS:5.0
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. (Last Update:2017-09-05) (Publish Update:2017-09-03)
CVE-2017-13780 CVSS:5.0
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. (Last Update:2017-09-05) (Publish Update:2017-08-30)
CVE-2017-12943 CVSS:5.0
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. (Last Update:2017-09-13) (Publish Update:2017-08-18)
