Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2019-10-23 | CVE-2019-18212 | Path Traversal vulnerability in multiple products | 6.5
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

2019-10-23 | CVE-2019-8238 | Path Traversal vulnerability in Adobe Acrobat DC | 7.5
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier versions; 2017.011.30138 and earlier versions; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability.
network, low complexity, adobe, CWE-22

2019-10-23 | CVE-2019-18371 | Path Traversal vulnerability in MI Millet Router 3G Firmware | 7.5
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable.
network, low complexity, mi, CWE-22

2019-10-21 | CVE-2019-16986 | Path Traversal vulnerability in Fusionpbx | 6.5
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it.
network, low complexity, fusionpbx, CWE-22

2019-10-21 | CVE-2019-16985 | Path Traversal vulnerability in Fusionpbx | 6.5
In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.
network, low complexity, fusionpbx, CWE-22

2019-10-21 | CVE-2019-16990 | Path Traversal vulnerability in Fusionpbx | 6.5
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.
network, low complexity, fusionpbx, CWE-22

2019-10-17 | CVE-2019-14424 | Path Traversal vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon | 6.5
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.
network, low complexity, eq-3, CWE-22

2019-10-16 | CVE-2019-15266 | Path Traversal vulnerability in Cisco Wireless LAN Controller Software | 4.4
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted.
local, low complexity, cisco, CWE-22

2019-10-16 | CVE-2019-12704 | Path Traversal vulnerability in Cisco Spa112 Firmware and Spa122 Firmware | 6.5
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device.
network, low complexity, cisco, CWE-22

2019-10-14 | CVE-2019-16279 | Path Traversal vulnerability in Nazgul Nostromo Nhttpd | 7.5
A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.
network, low complexity, nazgul, CWE-22