Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-08-26 CVE-2019-15055 Path Traversal vulnerability in Mikrotik Routeros
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files.
network
low complexity
mikrotik CWE-22
6.5
6.5
2019-08-23 CVE-2019-11654 Path Traversal vulnerability in Microfocus Verastream Host Integrator 7.5/7.6/7.7
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.
network
low complexity
microfocus CWE-22
7.5
7.5
2019-08-23 CVE-2019-15520 Path Traversal vulnerability in Comelz Quark 0.2
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
network
low complexity
comelz CWE-22
5.3
5.3
2019-08-23 CVE-2019-15519 Path Traversal vulnerability in Power-Response Project Power-Response
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
network
low complexity
power-response-project CWE-22
critical
 9.8
9.8
2019-08-23 CVE-2019-15518 Path Traversal vulnerability in Swoole
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
network
low complexity
swoole CWE-22
5.3
5.3
2019-08-23 CVE-2019-15517 Path Traversal vulnerability in Jc21 Nginx Proxy Manager
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
local
low complexity
jc21 CWE-22
5.5
5.5
2019-08-23 CVE-2019-15516 Path Traversal vulnerability in Cuberite
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
network
low complexity
cuberite CWE-22
7.5
7.5
2019-08-22 CVE-2019-15326 Path Traversal vulnerability in Codection Import Users From CSV With Meta
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
network
low complexity
codection CWE-22
7.5
7.5
2019-08-22 CVE-2017-18585 Path Traversal vulnerability in Ivycat Posts in Page
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
network
low complexity
ivycat CWE-22
8.1
8.1
2019-08-22 CVE-2017-18586 Path Traversal vulnerability in Insert Pages Project Insert Pages
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.
network
low complexity
insert-pages-project CWE-22
critical
 9.1
9.1