Security Vulnerabilities, CVEs, Published In 2016 (Directory traversal) CVSS score >= 9
CVE-2016-0709
Public exploit
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
Max CVSS
9.0
EPSS Score
21.71%
Published
2016-04-11
Updated
2016-04-20
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
Max CVSS
9.4
EPSS Score
1.33%
Published
2016-10-06
Updated
2020-04-29
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
Max CVSS
9.3
EPSS Score
0.13%
Published
2016-12-17
Updated
2017-01-07
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
Max CVSS
9.8
EPSS Score
0.39%
Published
2016-12-05
Updated
2016-12-27
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Max CVSS
10.0
EPSS Score
1.60%
Published
2016-08-05
Updated
2016-11-28
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
Max CVSS
10.0
EPSS Score
0.49%
Published
2016-08-03
Updated
2016-08-15
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
Max CVSS
9.1
EPSS Score
36.44%
Published
2016-06-09
Updated
2016-11-28
7 vulnerabilities found