Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-23 | CVE-2020-35598 | Path Traversal vulnerability in Advanced Comment System Project Advanced Comment System 1.0: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. | 7.5 |
2020-12-23 | CVE-2020-35370 | Path Traversal vulnerability in Raysync: An RCE vulnerability exists in Raysync below 3.3.3.8. | 8.8 |
2020-12-18 | CVE-2020-5803 | Path Traversal vulnerability in Marvell Qconvergeconsole 5.5.00.74: Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | 8.1 |
2020-12-18 | CVE-2020-20277 | Path Traversal vulnerability in Troglobit Uftpd: There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | 9.8 |
2020-12-17 | CVE-2020-8463 | Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 7.5 |
2020-12-16 | CVE-2020-25617 | Path Traversal vulnerability in Solarwinds N-Central 12.3.0.670: An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.8 |
2020-12-16 | CVE-2020-5683 | Path Traversal vulnerability in Weseek Growi: Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file. | 7.5 |
2020-12-14 | CVE-2020-35460 | Path Traversal vulnerability in multiple products: common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | 5.3 |
2020-12-14 | CVE-2020-5639 | Path Traversal vulnerability in Soliton Filezen: Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. | 9.8 |
2020-12-12 | CVE-2020-35176 | Path Traversal vulnerability in multiple products: In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | 5.3 |