Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-24 | CVE-2014-1923 | Path Traversal vulnerability in Koha. Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | 7.5 |
2020-01-24 | CVE-2014-1922 | Path Traversal vulnerability in Koha. Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
2020-01-23 | CVE-2019-19893 | Path Traversal vulnerability in Ixpdata Easyinstall 6.2.13723. In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | 7.5 |
2020-01-23 | CVE-2013-6785 | Path Traversal vulnerability in Supermicro Intelligent Platform Management Interface. Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | 4.3 |
2020-01-22 | CVE-2020-5221 | Path Traversal vulnerability in Troglobit Uftpd. In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). | 7.2 |
2020-01-22 | CVE-2019-19834 | Path Traversal vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware. Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | 7.2 |
2020-01-21 | CVE-2020-7211 | Path Traversal vulnerability in multiple products. tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | 7.5 |
2020-01-21 | CVE-2019-14768 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM. An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | 8.8 |
2020-01-21 | CVE-2019-14767 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM. In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | 7.5 |
2020-01-21 | CVE-2019-14766 | Path Traversal vulnerability in Dimo-Crm Yellowbox CRM. Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | 6.5 |