Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-06-27 | CVE-2017-20102 | Path Traversal vulnerability in Album Lock Project Album Lock 4.0 | A vulnerability was found in Album Lock 4.0 and classified as critical. | 5.5 |
2022-06-24 | CVE-2022-29097 | Path Traversal vulnerability in Dell Wyse Management Suite | Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. | 4.9 |
2022-06-24 | CVE-2013-1891 | Path Traversal vulnerability in Opencart 1.5.5.1 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. | 6.5 |
2022-06-24 | CVE-2022-2120 | Path Traversal vulnerability in Offis Dcmtk | OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. | 9.8 |
2022-06-24 | CVE-2022-30117 | Path Traversal vulnerability in Concretecms Concrete CMS | Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. | 9.1 |
2022-06-24 | CVE-2021-41636 | Path Traversal vulnerability in Melag FTP Server 2.2.0.4 | MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | 6.5 |
2022-06-23 | CVE-2022-31395 | Path Traversal vulnerability in Algosolutions 8373 IP Zone Paging Adapter Firmware 1.7.6 | Algo Communication Products Ltd. | 8.8 |
2022-06-23 | CVE-2022-34177 | Path Traversal vulnerability in Jenkins Pipeline: Input Step | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 7.5 |
2022-06-23 | CVE-2022-34179 | Path Traversal vulnerability in Jenkins Embeddable Build Status | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | 7.5 |
2022-06-21 | CVE-2022-33995 | Path Traversal vulnerability in Devolutions Remote Desktop Manager | A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | 7.5 |