Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-07-08 CVE-2019-12925 Path Traversal vulnerability in Mailenable
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user.
network
low complexity
mailenable CWE-22
8.1
8.1
2019-07-04 CVE-2019-13241 Path Traversal vulnerability in multiple products
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
local
low complexity
flightcrew-project canonical CWE-22
7.8
7.8
2019-07-03 CVE-2019-10717 Path Traversal vulnerability in Dotnetblogengine Blogengine.Net 3.3.7.0
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
network
low complexity
dotnetblogengine CWE-22
7.1
7.1
2019-07-02 CVE-2019-7254 Path Traversal vulnerability in Nortekcontrol products
Linear eMerge E3-Series devices allow File Inclusion.
network
low complexity
nortekcontrol CWE-22
7.5
7.5
2019-07-02 CVE-2019-7253 Path Traversal vulnerability in Nortekcontrol products
Linear eMerge E3-Series devices allow Directory Traversal.
network
low complexity
nortekcontrol CWE-22
critical
 9.8
9.8
2019-07-02 CVE-2019-7267 Path Traversal vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Cookie Path Traversal.
network
low complexity
nortekcontrol CWE-22
critical
 9.8
9.8
2019-06-30 CVE-2019-11826 Path Traversal vulnerability in Synology Moments
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
network
low complexity
synology CWE-22
8.8
8.8
2019-06-30 CVE-2019-11822 Path Traversal vulnerability in Synology Photo Station
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
network
low complexity
synology CWE-22
6.5
6.5
2019-06-28 CVE-2019-10985 Path Traversal vulnerability in Advantech Webaccess
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations.
network
low complexity
advantech CWE-22
critical
 9.1
9.1
2019-06-28 CVE-2018-14918 Path Traversal vulnerability in Loytec Lgate-902 Firmware 6.3.2
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
network
low complexity
loytec CWE-22
7.5
7.5