Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-17 | CVE-2020-9029 | Path Traversal vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | 6.5 |
| 2020-02-16 | CVE-2020-8996 | Path Traversal vulnerability in Aishu Anyshare Cloud 6.0.9 AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. | 4.3 |
| 2020-02-13 | CVE-2015-6589 | Path Traversal vulnerability in Kaseya Virtual System Administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | 8.8 |
| 2020-02-13 | CVE-2015-3309 | Path Traversal vulnerability in Etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. | 7.5 |
| 2020-02-13 | CVE-2020-8803 | Path Traversal vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | 9.8 |
| 2020-02-07 | CVE-2020-6768 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. | 7.5 |
| 2020-02-06 | CVE-2020-6767 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. | 6.5 |
| 2020-02-06 | CVE-2020-5720 | Path Traversal vulnerability in Mikrotik Winbox 3.18/3.20 MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. | 5.9 |
| 2020-02-05 | CVE-2020-8641 | Path Traversal vulnerability in Lotus Core CMS Project Lotus Core CMS 1.0.1 Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. | 8.8 |
| 2020-02-05 | CVE-2020-7966 | Path Traversal vulnerability in Gitlab GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | 7.5 |