Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-31 | CVE-2019-9106 | Path Traversal vulnerability in Saet Tebe Small Firmware and Webapp. The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. | 9.8 |
2019-05-31 | CVE-2019-10038 | Path Traversal vulnerability in Evernote 7.9. Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | 7.8 |
2019-05-30 | CVE-2019-9723 | Path Traversal vulnerability in Logicaldoc 8.0/8.1/8.1.1. LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. | 7.1 |
2019-05-30 | CVE-2019-12459 | Path Traversal vulnerability in Afian Filerun 2019.05.21. FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. | 5.3 |
2019-05-30 | CVE-2019-12458 | Path Traversal vulnerability in Afian Filerun 2019.05.21. FileRun 2019.05.21 allows css/ext-ux Directory Listing. | 5.3 |
2019-05-30 | CVE-2019-12457 | Path Traversal vulnerability in Afian Filerun 2019.05.21. FileRun 2019.05.21 allows images/extjs Directory Listing. | 5.3 |
2019-05-29 | CVE-2018-16221 | Path Traversal vulnerability in Yealink Ultra-Elegant IP Phone Sip-T41P Firmware 66.83.0.35. The diagnostics web interface in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). | 8.0 |
2019-05-29 | CVE-2019-9858 | Path Traversal vulnerability in multiple products. Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. | 8.8 |
2019-05-24 | CVE-2016-10759 | Path Traversal vulnerability in Precurio 2.1. The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. | 9.8 |
2019-05-24 | CVE-2019-12314 | Path Traversal vulnerability in Deltek Maconomy 2.2.5. Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. | 9.8 |