Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-25 | CVE-2020-17385 | Path Traversal vulnerability in Cellopoint Cellos 4.1.10 Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system. | 7.5 |
| 2020-08-24 | CVE-2020-7377 | Path Traversal vulnerability in Rapid7 Metasploit The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. | 7.5 |
| 2020-08-24 | CVE-2020-7376 | Path Traversal vulnerability in Rapid7 Metasploit The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | 9.8 |
| 2020-08-24 | CVE-2020-19877 | Path Traversal vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. | 5.3 |
| 2020-08-21 | CVE-2020-8227 | Path Traversal vulnerability in Nextcloud Desktop Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | 6.8 |
| 2020-08-21 | CVE-2020-15858 | Path Traversal vulnerability in Thalesgroup products Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. | 6.4 |
| 2020-08-21 | CVE-2020-24571 | Path Traversal vulnerability in Nexusdb NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | 7.5 |
| 2020-08-19 | CVE-2020-24368 | Path Traversal vulnerability in multiple products Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. | 7.5 |
| 2020-08-17 | CVE-2020-8209 | Path Traversal vulnerability in Citrix Xenmobile Server Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. | 7.5 |
| 2020-08-14 | CVE-2020-9708 | Path Traversal vulnerability in Adobe Git-Server The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. | 7.5 |