Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-06-03 | CVE-2019-12169 | Path Traversal vulnerability in Atutor 2.2.1/2.2.2/2.2.4 | ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | 8.8 |
2019-06-03 | CVE-2019-6754 | Path Traversal vulnerability in Foxitsoftware Foxit Reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. | 7.8 |
2019-06-03 | CVE-2019-12310 | Path Traversal vulnerability in Exagrid Backup Appliance Firmware 48.1.1044.P50 | ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. | 9.8 |
2019-06-03 | CVE-2019-12593 | Path Traversal vulnerability in Icewarp Mail Server | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | 7.5 |
2019-06-03 | CVE-2019-3397 | Path Traversal vulnerability in Atlassian Bitbucket | Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool. | 9.1 |
2019-05-31 | CVE-2019-9106 | Path Traversal vulnerability in Saet Tebe Small Firmware and Webapp | The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. | 9.8 |
2019-05-31 | CVE-2019-10038 | Path Traversal vulnerability in Evernote 7.9 | Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | 7.8 |
2019-05-30 | CVE-2019-9723 | Path Traversal vulnerability in Logicaldoc 8.0/8.1/8.1.1 | LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. | 7.1 |
2019-05-30 | CVE-2019-12459 | Path Traversal vulnerability in Afian Filerun 2019.05.21 | FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. | 5.3 |
2019-05-30 | CVE-2019-12458 | Path Traversal vulnerability in Afian Filerun 2019.05.21 | FileRun 2019.05.21 allows css/ext-ux Directory Listing. | 5.3 |