Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-23 | CVE-2019-18371 | Path Traversal vulnerability in MI Millet Router 3G Firmware: An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. | 7.5 |
2019-10-21 | CVE-2019-16986 | Path Traversal vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. | 6.5 |
2019-10-21 | CVE-2019-16985 | Path Traversal vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | 6.5 |
2019-10-21 | CVE-2019-16990 | Path Traversal vulnerability in Fusionpbx: In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. | 6.5 |
2019-10-17 | CVE-2019-14424 | Path Traversal vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon: A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request. | 6.5 |
2019-10-16 | CVE-2019-15266 | Path Traversal vulnerability in Cisco Wireless LAN Controller Software: A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. | 4.4 |
2019-10-16 | CVE-2019-12704 | Path Traversal vulnerability in Cisco Spa112 Firmware and Spa122 Firmware: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. | 6.5 |
2019-10-14 | CVE-2019-16279 | Path Traversal vulnerability in Nazgul Nostromo Nhttpd: A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | 7.5 |
2019-10-14 | CVE-2019-16278 | Path Traversal vulnerability in Nazgul Nostromo Nhttpd: Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | 9.8 |
2019-10-13 | CVE-2019-17538 | Path Traversal vulnerability in Jnoj Jiangnan Online Judge 0.8.0: Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | 7.5 |