Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-15519 Path Traversal vulnerability in Power-Response Project Power-Response
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
network
low complexity
power-response-project CWE-22
critical
 9.8
9.8
2019-08-23 CVE-2019-15518 Path Traversal vulnerability in Swoole
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
network
low complexity
swoole CWE-22
5.3
5.3
2019-08-23 CVE-2019-15517 Path Traversal vulnerability in Jc21 Nginx Proxy Manager
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
local
low complexity
jc21 CWE-22
5.5
5.5
2019-08-23 CVE-2019-15516 Path Traversal vulnerability in Cuberite
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
network
low complexity
cuberite CWE-22
7.5
7.5
2019-08-22 CVE-2019-15326 Path Traversal vulnerability in Codection Import Users From CSV With Meta
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
network
low complexity
codection CWE-22
7.5
7.5
2019-08-22 CVE-2017-18585 Path Traversal vulnerability in Ivycat Posts in Page
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
network
low complexity
ivycat CWE-22
8.1
8.1
2019-08-22 CVE-2017-18586 Path Traversal vulnerability in Insert Pages Project Insert Pages
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.
network
low complexity
insert-pages-project CWE-22
critical
 9.1
9.1
2019-08-22 CVE-2014-10390 Path Traversal vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
network
low complexity
wpsupportplus CWE-22
critical
 9.1
9.1
2019-08-22 CVE-2019-14751 Path Traversal vulnerability in Nltk
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
network
low complexity
nltk CWE-22
7.5
7.5
2019-08-22 CVE-2019-11029 Path Traversal vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal.
network
low complexity
mirasys CWE-22
7.5
7.5