Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-23 | CVE-2019-19893 | Path Traversal vulnerability in Ixpdata Easyinstall 6.2.13723 In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | 7.5 |
2020-01-23 | CVE-2013-6785 | Path Traversal vulnerability in Supermicro Intelligent Platform Management Interface Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | 4.3 |
2020-01-22 | CVE-2020-5221 | Path Traversal vulnerability in Troglobit Uftpd In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). | 7.2 |
2020-01-22 | CVE-2019-19834 | Path Traversal vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | 7.2 |
2020-01-21 | CVE-2020-7211 | Path Traversal vulnerability in multiple products tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | 7.5 |
2020-01-21 | CVE-2019-14768 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | 8.8 |
2020-01-21 | CVE-2019-14767 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | 7.5 |
2020-01-21 | CVE-2019-14766 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | 6.5 |
2020-01-17 | CVE-2014-5007 | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. | 9.8 |
2020-01-17 | CVE-2019-15855 | Path Traversal vulnerability in Maarch RM An issue was discovered in Maarch RM before 2.5. | 9.1 |