Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-30 | CVE-2019-7237 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13: An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. | 7.5 |
2019-01-30 | CVE-2019-7236 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13: An issue was discovered in idreamsoft iCMS 7.0.13. | 7.5 |
2019-01-30 | CVE-2019-7235 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13: An issue was discovered in idreamsoft iCMS 7.0.13. | 7.5 |
2019-01-30 | CVE-2019-7234 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13: An issue was discovered in idreamsoft iCMS 7.0.13. | 9.1 |
2019-01-29 | CVE-2019-7160 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13: idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | 9.8 |
2019-01-23 | CVE-2018-1000997 | Path Traversal vulnerability in Jenkins: A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. | 6.5 |
2019-01-21 | CVE-2019-6500 | Path Traversal vulnerability in Axway File Transfer Direct 2.7.1: In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | 7.5 |
2019-01-16 | CVE-2018-15782 | Path Traversal vulnerability in RSA Authentication Manager: The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. | 7.8 |
2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in Mailenable: MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | 9.1 |
2019-01-15 | CVE-2018-20714 | Path Traversal vulnerability in Woocommerce: The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. | 8.1 |