Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2020-13450 | Path Traversal vulnerability in Thecodingmachine Gotenberg A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. | 9.8 |
| 2021-01-07 | CVE-2020-13449 | Path Traversal vulnerability in Thecodingmachine Gotenberg A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. | 7.5 |
| 2021-01-07 | CVE-2021-23242 | Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | 5.3 |
| 2021-01-07 | CVE-2021-23241 | Path Traversal vulnerability in Mercusys Mercury X18G Firmware 1.0.5 MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | 5.3 |
| 2021-01-05 | CVE-2020-36052 | Path Traversal vulnerability in 1234N Minicms 1.10 Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | 9.8 |
| 2021-01-05 | CVE-2020-36051 | Path Traversal vulnerability in 1234N Minicms 1.10 Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. | 7.5 |
| 2021-01-05 | CVE-2020-17518 | Path Traversal vulnerability in Apache Flink Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. | 7.5 |
| 2021-01-05 | CVE-2021-3019 | Path Traversal vulnerability in Lanproxy Project Lanproxy 0.1 ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. | 7.5 |
| 2021-01-04 | CVE-2020-22550 | Path Traversal vulnerability in Veno File Manager Project Veno File Manager 3.5.6 Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. | 7.5 |
| 2020-12-31 | CVE-2018-19945 | Path Traversal vulnerability in Qnap QTS A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. | 9.1 |