Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-24 | CVE-2022-30117 | Path Traversal vulnerability in Concretecms Concrete CMS. Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. | 9.1 |
2022-06-24 | CVE-2021-41636 | Path Traversal vulnerability in Melag FTP Server 2.2.0.4. MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | 6.5 |
2022-06-23 | CVE-2022-31395 | Path Traversal vulnerability in Algosolutions 8373 IP Zone Paging Adapter Firmware 1.7.6. Algo Communication Products Ltd. | 8.8 |
2022-06-23 | CVE-2022-34177 | Path Traversal vulnerability in Jenkins Pipeline: Input Step. Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 7.5 |
2022-06-23 | CVE-2022-34179 | Path Traversal vulnerability in Jenkins Embeddable Build Status. Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | 7.5 |
2022-06-21 | CVE-2022-33995 | Path Traversal vulnerability in Devolutions Remote Desktop Manager. A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | 7.5 |
2022-06-21 | CVE-2022-29774 | Path Traversal vulnerability in Ispyconnect Ispy 7.2.2.0. iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. | 9.8 |
2022-06-16 | CVE-2022-31372 | Path Traversal vulnerability in Wiris Mathtype 7.28.0. Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. | 7.5 |
2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop. In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
2022-06-14 | CVE-2022-32328 | Path Traversal vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0. Fast Food Ordering System v1.0 is vulnerable to Delete any file. | 9.1 |