Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-13 | CVE-2018-20128 | Path Traversal vulnerability in Usualtool Usualtoolcms 8.0 An issue was discovered in UsualToolCMS v8.0. | 7.5 |
| 2018-12-12 | CVE-2018-20094 | Path Traversal vulnerability in Xuxueli Xxl-Conf 1.6.0 An issue was discovered in XXL-CONF 1.6.0. | 7.5 |
| 2018-12-11 | CVE-2018-20064 | Path Traversal vulnerability in Doorgets 7.0 doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. | 7.5 |
| 2018-12-11 | CVE-2018-20058 | Path Traversal vulnerability in Evernote In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | 7.5 |
| 2018-12-10 | CVE-2018-1000863 | Path Traversal vulnerability in multiple products A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins. | 8.2 |
| 2018-12-05 | CVE-2018-19753 | Path Traversal vulnerability in Oracle Tarantella Enterprise Tarantella Enterprise before 3.11 allows Directory Traversal. | 7.5 |
| 2018-12-05 | CVE-2018-19859 | Path Traversal vulnerability in Openrefine OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. | 6.5 |
| 2018-12-04 | CVE-2018-12314 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | 7.5 |
| 2018-12-04 | CVE-2018-12309 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. | 7.5 |
| 2018-12-04 | CVE-2018-12306 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | 7.5 |