Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-10-09 CVE-2019-17109 Path Traversal vulnerability in Koji Project Koji
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
network
low complexity
koji-project CWE-22
6.5
2019-10-09 CVE-2019-0074 Path Traversal vulnerability in Juniper Junos
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files.
local
low complexity
juniper CWE-22
5.5
2019-10-09 CVE-2019-17399 Path Traversal vulnerability in Joomlashack Shack Forms PRO
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
network
low complexity
joomlashack CWE-22
critical
9.8
2019-10-08 CVE-2019-17187 Path Traversal vulnerability in Fiberhome Hg2201T Firmware 1.00.M5007Js201804
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
network
low complexity
fiberhome CWE-22
7.5
2019-10-07 CVE-2019-17314 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.
network
low complexity
sugarcrm CWE-22
7.2
2019-10-07 CVE-2019-17313 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.
network
low complexity
sugarcrm CWE-22
8.8
2019-10-07 CVE-2019-17312 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.
network
low complexity
sugarcrm CWE-22
8.8
2019-10-07 CVE-2019-17311 Path Traversal vulnerability in Sugarcrm
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.
network
low complexity
sugarcrm CWE-22
8.8
2019-10-05 CVE-2019-17199 Path Traversal vulnerability in Webpagetest 19.04
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\..
network
low complexity
webpagetest CWE-22
7.5
2019-10-04 CVE-2019-17180 Path Traversal vulnerability in Valvesoftware Steam Client
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM.
local
low complexity
valvesoftware CWE-22
7.8