Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-24 | CVE-2019-9960 | Path Traversal vulnerability in Limesurvey The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 9.8 |
| 2019-03-23 | CVE-2019-9948 | Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 9.1 |
| 2019-03-22 | CVE-2019-9649 | Path Traversal vulnerability in Coreftp Core FTP 2.0 An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. | 5.3 |
| 2019-03-22 | CVE-2019-1765 | Path Traversal vulnerability in Cisco products A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. | 6.5 |
| 2019-03-22 | CVE-2019-9648 | Path Traversal vulnerability in Coreftp Core FTP 2.0 An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. | 5.3 |
| 2019-03-21 | CVE-2019-9889 | Path Traversal vulnerability in Vanillaforums Vanilla In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. | 2.7 |
| 2019-03-21 | CVE-2019-6714 | Path Traversal vulnerability in Blogengine Blogengine.Net 3.3/3.3.5.0/3.3.6.0 An issue was discovered in BlogEngine.NET through 3.3.6.0. | 9.8 |
| 2019-03-21 | CVE-2019-6274 | Path Traversal vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. | 8.8 |
| 2019-03-21 | CVE-2019-6273 | Path Traversal vulnerability in Gl-Inet Gl-Ar300M-Lite Firmware 2.27 download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | 6.5 |
| 2019-03-21 | CVE-2019-5417 | Path Traversal vulnerability in Zeit Serve A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server. | 7.5 |