Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-30 | CVE-2018-11720 | Path Traversal vulnerability in Xovis PC2 Firmware, Pc2R Firmware and PC3 Firmware Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. | 7.5 |
| 2018-08-30 | CVE-2018-16141 | Path Traversal vulnerability in Thinkcmf Thinkcmfx X2.2.3 ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. | 6.5 |
| 2018-08-29 | CVE-2018-16133 | Path Traversal vulnerability in Cybrotech Cybrohttpserver 1.0.3 Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | 5.3 |
| 2018-08-27 | CVE-2018-15810 | Path Traversal vulnerability in Visiology Flipbox 2.0.0/2.6.0 Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | 7.5 |
| 2018-08-27 | CVE-2018-15695 | Path Traversal vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | 6.5 |
| 2018-08-27 | CVE-2018-15694 | Path Traversal vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. | 7.5 |
| 2018-08-24 | CVE-2018-15536 | Path Traversal vulnerability in Tecrail Responsive Filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | 5.5 |
| 2018-08-24 | CVE-2018-15535 | Path Traversal vulnerability in Tecrail Responsive Filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. | 7.5 |
| 2018-08-22 | CVE-2017-2627 | Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. | 8.2 |
| 2018-08-21 | CVE-2018-14795 | Path Traversal vulnerability in Emerson Deltav DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | 8.8 |