Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2020-10579 Path Traversal vulnerability in Invigo Automatic Device Management 5.0
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.
network
low complexity
invigo CWE-22
7.5
2021-03-25 CVE-2021-25367 Path Traversal vulnerability in Samsung Notes 2.0.02.31
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.
network
low complexity
samsung CWE-22
5.4
2021-03-24 CVE-2021-1385 Path Traversal vulnerability in Cisco IOS and IOS XE
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system.
network
low complexity
cisco CWE-22
6.5
2021-03-17 CVE-2020-13924 Path Traversal vulnerability in Apache Ambari
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
network
low complexity
apache CWE-22
7.5
2021-03-15 CVE-2020-29556 Path Traversal vulnerability in Getgrav Grav CMS
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique.
local
low complexity
getgrav CWE-22
5.5
2021-03-15 CVE-2020-29555 Path Traversal vulnerability in Getgrav Grav CMS
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique.
network
low complexity
getgrav CWE-22
8.1
2021-03-15 CVE-2021-23357 Path Traversal vulnerability in TYK
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function.
local
low complexity
tyk CWE-22
5.3
2021-03-10 CVE-2020-5016 Path Traversal vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2021-03-10 CVE-2021-20669 Path Traversal vulnerability in Weseek Growi
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.
network
low complexity
weseek CWE-22
4.7
2021-03-10 CVE-2021-20668 Path Traversal vulnerability in Weseek Growi
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.
network
low complexity
weseek CWE-22
2.7