Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-16902 Path Traversal vulnerability in Reputeinfosystems Arforms 3.7.1
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
network
low complexity
reputeinfosystems CWE-22
7.5
7.5
2019-09-26 CVE-2019-16915 Path Traversal vulnerability in Netgate Pfsense
An issue was discovered in pfSense through 2.4.4-p3.
network
low complexity
netgate CWE-22
critical
 9.8
9.8
2019-09-26 CVE-2019-16903 Path Traversal vulnerability in Plutinosoft Platinum 1.2.0
Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /..
network
low complexity
plutinosoft CWE-22
5.3
5.3
2019-09-25 CVE-2019-12666 Path Traversal vulnerability in Cisco IOS XE
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software.
local
low complexity
cisco CWE-22
6.7
6.7
2019-09-25 CVE-2019-16868 Path Traversal vulnerability in Emlog
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
network
low complexity
emlog CWE-22
critical
 9.8
9.8
2019-09-25 CVE-2019-16867 Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774.
network
low complexity
hongcms-project CWE-22
6.5
6.5
2019-09-23 CVE-2019-13063 Path Traversal vulnerability in Sahipro Sahi PRO 8.0.0
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page.
network
low complexity
sahipro CWE-22
7.5
7.5
2019-09-21 CVE-2019-16680 Path Traversal vulnerability in multiple products
An issue was discovered in GNOME file-roller before 3.29.91.
network
low complexity
gnome redhat debian canonical CWE-22
4.3
4.3
2019-09-21 CVE-2019-16679 Path Traversal vulnerability in Gilacms Gila CMS
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
network
low complexity
gilacms CWE-22
4.9
4.9
2019-09-20 CVE-2015-9406 Path Traversal vulnerability in Mtheme-Unus Project Mtheme-Unus
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a ..
network
low complexity
mtheme-unus-project CWE-22
7.5
7.5