Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-19 | CVE-2018-8889 | Path Traversal vulnerability in Blackberry Enterprise Mobility Server 2.6/2.8/2.8.17.29 A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | 4.7 |
| 2018-09-19 | CVE-2018-11762 | Path Traversal vulnerability in Apache Tika In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | 5.9 |
| 2018-09-18 | CVE-2018-16820 | Path Traversal vulnerability in Monstra 3.0.4 admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. | 7.5 |
| 2018-09-18 | CVE-2018-16819 | Path Traversal vulnerability in Monstra 3.0.4 admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | 4.9 |
| 2018-09-18 | CVE-2018-13982 | Path Traversal vulnerability in multiple products Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. | 7.5 |
| 2018-09-17 | CVE-2018-8041 | Path Traversal vulnerability in Apache Camel Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | 5.3 |
| 2018-09-17 | CVE-2018-17125 | Path Traversal vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | 7.5 |
| 2018-09-12 | CVE-2018-15610 | Path Traversal vulnerability in Avaya IP Office 10.0/10.1/9.1 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. | 8.8 |
| 2018-09-11 | CVE-2018-16836 | Path Traversal vulnerability in Rubedo Project Rubedo Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. | 9.8 |
| 2018-09-11 | CVE-2018-16831 | Path Traversal vulnerability in Smarty Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | 5.9 |