Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-16123 Path Traversal vulnerability in Kartatopia Piluscart 1.4.0/1.4.1
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
network | low complexity | kartatopia CWE-22 | 7.5

2019-09-08 CVE-2019-16113 Path Traversal vulnerability in Bludit 3.9.2
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
network | low complexity | bludit CWE-22 | 8.8

2019-09-08 CVE-2019-16105 Path Traversal vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.
network | low complexity | silver-peak CWE-22 | 4.9

2019-09-06 CVE-2019-9854 Path Traversal vulnerability in multiple products
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc.
7.8

2019-09-05 CVE-2019-15952 Path Traversal vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network | low complexity | totaljs CWE-22 | 8.8

2019-09-03 CVE-2019-5480 Path Traversal vulnerability in Statichttpserver Project Statichttpserver
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.
network | low complexity | statichttpserver-project CWE-22 | 5.3

2019-09-03 CVE-2019-10197 Path Traversal vulnerability in multiple products
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file.
network | low complexity | samba debian canonical CWE-22 | critical | 9.1

2019-08-30 CVE-2019-15630 Path Traversal vulnerability in Mulesoft API Gateway and Mule Runtime
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
network | low complexity | mulesoft CWE-22 | 7.5

2019-08-30 CVE-2019-15822 Path Traversal vulnerability in Wpserveur WPS Child Theme Generator 1.0/1.1
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
network | low complexity | wpserveur CWE-22 | critical | 9.8

2019-08-30 CVE-2019-6113 Path Traversal vulnerability in Onkyo Tx-Nr686 Firmware 1030500010400010
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a ..
network | low complexity | onkyo CWE-22 | 7.5