Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2020-8641 | Path Traversal vulnerability in Lotus Core CMS Project Lotus Core CMS 1.0.1 Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. | 8.8 |
| 2020-02-05 | CVE-2020-7966 | Path Traversal vulnerability in Gitlab GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | 7.5 |
| 2020-02-05 | CVE-2020-5237 | Path Traversal vulnerability in 1UP Oneupuploaderbundle Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. | 8.8 |
| 2020-02-04 | CVE-2019-4674 | Path Traversal vulnerability in IBM Security Identity Manager 7.0.1 IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. | 4.9 |
| 2020-02-03 | CVE-2020-8545 | Path Traversal vulnerability in Circl AIL Framework 2.8 Global.py in AIL framework 2.8 allows path traversal. | 7.5 |
| 2020-01-31 | CVE-2014-5236 | Path Traversal vulnerability in Open-Xchange Appsuite Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | 7.5 |
| 2020-01-30 | CVE-2020-8446 | Path Traversal vulnerability in Ossec In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | 5.5 |
| 2020-01-29 | CVE-2020-3717 | Path Traversal vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. | 5.3 |
| 2020-01-28 | CVE-2015-7851 | Path Traversal vulnerability in NTP Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | 6.5 |
| 2020-01-28 | CVE-2013-4861 | Path Traversal vulnerability in Micasaverde Veralite Firmware 1.5.408 Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. | 6.5 |