Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-23 | CVE-2019-19893 | Path Traversal vulnerability in Ixpdata Easyinstall 6.2.13723
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
network | low complexity | ixpdata | CWE-22 | 7.5

2020-01-23 | CVE-2013-6785 | Path Traversal vulnerability in Supermicro Intelligent Platform Management Interface
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.
network | low complexity | supermicro | CWE-22 | 4.3

2020-01-22 | CVE-2020-5221 | Path Traversal vulnerability in Troglobit Uftpd
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath().
network | low complexity | troglobit | CWE-22 | 7.2

2020-01-22 | CVE-2019-19834 | Path Traversal vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
network | low complexity | ruckuswireless | CWE-22 | 7.2

2020-01-21 | CVE-2020-7211 | Path Traversal vulnerability in multiple products
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
network | low complexity | libslirp-project, qemu | CWE-22 | 7.5

2020-01-21 | CVE-2019-14768 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
network | low complexity | dimo-crm | CWE-22 | 8.8

2020-01-21 | CVE-2019-14767 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.
network | low complexity | dimo-crm | CWE-22 | 7.5

2020-01-21 | CVE-2019-14766 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.
network | low complexity | dimo-crm | CWE-22 | 6.5

2020-01-17 | CVE-2014-5007 | Path Traversal vulnerability in Zohocorp products
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a ..
network | low complexity | zohocorp | CWE-22 | critical | 9.8

2020-01-17 | CVE-2019-15855 | Path Traversal vulnerability in Maarch RM
An issue was discovered in Maarch RM before 2.5.
network | low complexity | maarch | CWE-22 | critical | 9.1