Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2018-08-20 | CVE-2018-1656 | Path Traversal vulnerability in multiple products | 6.5
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files.
network, low complexity | ibm, redhat, oracle | CWE-22

2018-08-20 | CVE-2017-16744 | Path Traversal vulnerability in Tridium Niagara and Niagara AX Framework | 7.2
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
network, low complexity | tridium | CWE-22

2018-08-18 | CVE-2018-15495 | Path Traversal vulnerability in Tecrail Responsive Filemanager | 7.5
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
network, low complexity | tecrail | CWE-22

2018-08-15 | CVE-2018-10510 | Path Traversal vulnerability in Trendmicro Control Manager 6.0/7.0 | 9.8 (critical)
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
network, low complexity | trendmicro | CWE-22

2018-08-15 | CVE-2018-14007 | Path Traversal vulnerability in Citrix Xenserver 7.1/7.4/7.5 | 9.8 (critical)
Citrix XenServer 7.1 and newer allows Directory Traversal.
network, low complexity | citrix | CWE-22

2018-08-15 | CVE-2018-15138 | Path Traversal vulnerability in Ericssonlg Ipecs NMS 30M2.3Gn/30Mb.2Ia | 7.5
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.
network, low complexity | ericssonlg | CWE-22

2018-08-14 | CVE-2018-14429 | Path Traversal vulnerability in Man-Cgi Project Man-Cgi | 7.5
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI.
network, low complexity | man-cgi-project | CWE-22

2018-08-14 | CVE-2018-7098 | Path Traversal vulnerability in HP 3Par Service Provider Sp4.2.0/Sp4.3.0/Sp4.4.0 | 8.4
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7).
local, low complexity | hp | CWE-22

2018-08-13 | CVE-2018-15142 | Path Traversal vulnerability in Open-Emr Openemr | 8.8
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
network, low complexity | open-emr | CWE-22

2018-08-13 | CVE-2018-15141 | Path Traversal vulnerability in Open-Emr Openemr | 6.5
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
network, low complexity | open-emr | CWE-22