Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-10-07 | CVE-2019-17311 | Path Traversal vulnerability in Sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | network | low complexity | sugarcrm | CWE-22 | 8.8 |
| 2019-10-05 | CVE-2019-17199 | Path Traversal vulnerability in Webpagetest 19.04 | www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. | network | low complexity | webpagetest | CWE-22 | 7.5 |
| 2019-10-04 | CVE-2019-17180 | Path Traversal vulnerability in Valvesoftware Steam Client | Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. | local | low complexity | valvesoftware | CWE-22 | 7.8 |
| 2019-10-04 | CVE-2019-17175 | Path Traversal vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 | joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. | network | low complexity | joyplus-cms-project | CWE-22 | 7.5 |
| 2019-10-03 | CVE-2019-16198 | Path Traversal vulnerability in Kslabs Ksweb 3.93 | KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter. | network | low complexity | kslabs | CWE-22 | 6.5 |
| 2019-10-02 | CVE-2019-12691 | Path Traversal vulnerability in Cisco Secure Firewall Management Center | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. | network | low complexity | cisco | CWE-22 | 4.9 |
| 2019-10-02 | CVE-2019-13343 | Path Traversal vulnerability in Butor Portal | Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. | network | low complexity | butor | CWE-22 | 7.5 |
| 2019-10-01 | CVE-2019-8291 | Path Traversal vulnerability in Online Store System Project Online Store System 1.0 | Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. | network | low complexity | online-store-system-project | CWE-22 | 7.5 |
| 2019-10-01 | CVE-2019-17073 | Path Traversal vulnerability in Emlog | emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. | network | low complexity | emlog | CWE-22 | 6.5 |
| 2019-10-01 | CVE-2019-7618 | Path Traversal vulnerability in Elastic Kibana 7.3.0/7.3.1/7.3.2 | A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. | network | low complexity | elastic | CWE-22 | 6.5 |