Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-10-25 | CVE-2013-4658 | Path Traversal vulnerability in Linksys Ea6500 Firmware | Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | 9.8 |
2019-10-25 | CVE-2013-4855 | Path Traversal vulnerability in Dlink Dir-865L Firmware | D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 8.8 |
2019-10-24 | CVE-2019-18393 | Path Traversal vulnerability in Igniterealtime Openfire | PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. | 5.3 |
2019-10-23 | CVE-2019-18212 | Path Traversal vulnerability in multiple products | XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. | 6.5 |
2019-10-23 | CVE-2019-8238 | Path Traversal vulnerability in Adobe Acrobat DC | Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. | 7.5 |
2019-10-23 | CVE-2019-18371 | Path Traversal vulnerability in MI Millet Router 3G Firmware | An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. | 7.5 |
2019-10-21 | CVE-2019-16986 | Path Traversal vulnerability in Fusionpbx | In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. | 6.5 |
2019-10-21 | CVE-2019-16985 | Path Traversal vulnerability in Fusionpbx | In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | 6.5 |
2019-10-21 | CVE-2019-16990 | Path Traversal vulnerability in Fusionpbx | In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. | 6.5 |
2019-10-17 | CVE-2019-14424 | Path Traversal vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon | A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request. | 6.5 |