Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-26 | CVE-2020-35362 | Path Traversal vulnerability in Dext5 Dext5Upload 2.7.1262310: DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. | 7.5 |
2020-12-26 | CVE-2020-35284 | Path Traversal vulnerability in Flamingoim Project Flamingoim 20200929: Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | 7.5 |
2020-12-25 | CVE-2020-35709 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1: bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | 4.9 |
2020-12-24 | CVE-2020-28187 | Path Traversal vulnerability in Terra-Master TOS: Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php. | 9.8 |
2020-12-24 | CVE-2020-2504 | Path Traversal vulnerability in Qnap QES: If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. | 7.5 |
2020-12-23 | CVE-2020-35598 | Path Traversal vulnerability in Advanced Comment System Project Advanced Comment System 1.0: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. | 7.5 |
2020-12-23 | CVE-2020-35370 | Path Traversal vulnerability in Raysync: A RCE vulnerability exists in Raysync below 3.3.3.8. | 8.8 |
2020-12-18 | CVE-2020-5803 | Path Traversal vulnerability in Marvell Qconvergeconsole 5.5.00.74: Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | 8.1 |
2020-12-18 | CVE-2020-20277 | Path Traversal vulnerability in Troglobit Uftpd: There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | 9.8 |
2020-12-17 | CVE-2020-8463 | Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5: A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 7.5 |