Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-17 | CVE-2019-8411 | Path Traversal vulnerability in Zzcms 2018 admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | 7.5 |
| 2019-02-17 | CVE-2019-8407 | Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. | 6.5 |
| 2019-02-17 | CVE-2019-8389 | Path Traversal vulnerability in Musicloud Project Musicloud 1.6 A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. | 8.1 |
| 2019-02-16 | CVE-2019-8358 | Path Traversal vulnerability in Hiawatha-Webserver Hiawatha In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | 8.1 |
| 2019-02-15 | CVE-2015-4617 | Path Traversal vulnerability in Easy2Map Easy2Map-Photos 1.09 Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. | 7.5 |
| 2019-02-15 | CVE-2013-2565 | Path Traversal vulnerability in Mambo-Foundation Mambo CMS 4.6.5 A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. | 5.3 |
| 2019-02-13 | CVE-2019-5910 | Path Traversal vulnerability in Housegate House Gate 1.7.8 Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2019-02-10 | CVE-2018-20769 | Path Traversal vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 7.5 |
| 2019-02-09 | CVE-2019-7678 | Path Traversal vulnerability in Enphase Envoy A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 9.8 |
| 2019-02-05 | CVE-2018-20251 | Path Traversal vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. | 5.5 |