Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-22 | CVE-2020-5221 | Path Traversal vulnerability in Troglobit Uftpd | In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). | 7.2 |
2020-01-22 | CVE-2019-19834 | Path Traversal vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware | Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | 7.2 |
2020-01-21 | CVE-2020-7211 | Path Traversal vulnerability in multiple products | tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | 7.5 |
2020-01-21 | CVE-2019-14768 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM | An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | 8.8 |
2020-01-21 | CVE-2019-14767 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM | In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | 7.5 |
2020-01-21 | CVE-2019-14766 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM | Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | 6.5 |
2020-01-17 | CVE-2014-5007 | Path Traversal vulnerability in Zohocorp products | Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. | 9.8 |
2020-01-17 | CVE-2019-15855 | Path Traversal vulnerability in Maarch RM | An issue was discovered in Maarch RM before 2.5. | 9.1 |
2020-01-15 | CVE-2015-6591 | Path Traversal vulnerability in Freereprintables Articlefr 3.0.4/3.0.6/3.0.7 | Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter. | 5.5 |
2020-01-15 | CVE-2015-5952 | Path Traversal vulnerability in Thomsonreuters Fatca | Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter. | 9.8 |