Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2021-29398 | Path Traversal vulnerability in Globalnorthstar Northstar Club Management 6.3 Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. | 5.3 |
| 2022-02-04 | CVE-2021-44977 | Path Traversal vulnerability in Idreamsoft Icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 7.5 |
| 2022-02-03 | CVE-2022-23357 | Path Traversal vulnerability in Mozilo Mozilocms 2.0 mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. | 9.1 |
| 2022-02-02 | CVE-2021-42753 | Path Traversal vulnerability in Fortinet Fortiweb An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. | 8.1 |
| 2022-02-01 | CVE-2022-23602 | Path Traversal vulnerability in Nim-Lang Docutils and Nimforum Nimforum is a lightweight alternative to Discourse written in Nim. | 8.1 |
| 2022-01-31 | CVE-2021-23520 | Path Traversal vulnerability in Juce The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. | 9.8 |
| 2022-01-31 | CVE-2021-34805 | Path Traversal vulnerability in Land-Software Faust Iserver An issue was discovered in FAUST iServer before 9.0.019.019.7. | 7.5 |
| 2022-01-31 | CVE-2022-23409 | Path Traversal vulnerability in Ethercreative Logs The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | 4.9 |
| 2022-01-28 | CVE-2021-23484 | Path Traversal vulnerability in Zip-Local Project Zip-Local The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory. | 9.8 |
| 2022-01-28 | CVE-2022-22790 | Path Traversal vulnerability in Synel Eharmony 8.0.2.3 SYNEL - eharmony Directory Traversal. | 7.5 |