CVE-2017-9067 CVSS:0.0
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. (Last Update:2017-05-18) (Publish Update:2017-05-18)
CVE-2017-9031 CVSS:7.5
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. (Last Update:2017-05-27) (Publish Update:2017-05-17)
CVE-2017-9030 CVSS:5.0
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. (Last Update:2017-05-26) (Publish Update:2017-05-17)
CVE-2017-9024 CVSS:0.0
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. (Last Update:2017-05-21) (Publish Update:2017-05-21)
CVE-2017-8921 CVSS:5.0
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. (Last Update:2017-05-26) (Publish Update:2017-05-12)
CVE-2017-8868 CVSS:5.0
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. (Last Update:2017-05-17) (Publish Update:2017-05-10)
CVE-2017-8853 CVSS:6.4
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. (Last Update:2017-05-17) (Publish Update:2017-05-09)
CVE-2017-8314 CVSS:0.0
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. (Last Update:2017-05-26) (Publish Update:2017-05-23)
CVE-2017-8297 CVSS:7.5
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). (Last Update:2017-05-10) (Publish Update:2017-04-27)
CVE-2017-8283 CVSS:7.5
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. (Last Update:2017-05-10) (Publish Update:2017-04-26)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by