Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-10-31 | CVE-2018-15706 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 6.5 |
2018-10-31 | CVE-2018-15705 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. | 6.5 |
2018-10-31 | CVE-2018-11759 | Path Traversal vulnerability in multiple products | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. | 7.5 |
2018-10-31 | CVE-2018-18869 | Path Traversal vulnerability in Phome Empirecms 7.5 | EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. | 9.8 |
2018-10-30 | CVE-2018-18831 | Path Traversal vulnerability in Mingsoft Mcms 4.6.5 | An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. | 7.5 |
2018-10-29 | CVE-2018-18713 | Path Traversal vulnerability in PHPyun 4.6 | The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | 7.5 |
2018-10-29 | CVE-2018-18703 | Path Traversal vulnerability in PHPtpoint Mailing Server Using File Handling 1.0 | PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter. | 7.5 |
2018-10-29 | CVE-2016-10733 | Path Traversal vulnerability in Projectsend 582 | ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string. | 9.8 |
2018-10-24 | CVE-2018-18552 | Path Traversal vulnerability in Serverscheck Monitoring Software | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. | 6.5 |
2018-10-24 | CVE-2018-15750 | Path Traversal vulnerability in Saltstack Salt | Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | 5.3 |