Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-05 | CVE-2018-19753 | Path Traversal vulnerability in Oracle Tarantella Enterprise Tarantella Enterprise before 3.11 allows Directory Traversal. | 7.5 |
| 2018-12-05 | CVE-2018-19859 | Path Traversal vulnerability in Openrefine OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. | 6.5 |
| 2018-12-04 | CVE-2018-12314 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | 7.5 |
| 2018-12-04 | CVE-2018-12309 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. | 7.5 |
| 2018-12-04 | CVE-2018-12306 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | 7.5 |
| 2018-12-04 | CVE-2018-16478 | Path Traversal vulnerability in Simplehttpserver Project Simplehttpserver A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root. | 5.3 |
| 2018-12-03 | CVE-2018-14707 | Path Traversal vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | 7.5 |
| 2018-12-01 | CVE-2018-3949 | Path Traversal vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0 An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. | 7.5 |
| 2018-11-30 | CVE-2018-7807 | Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. | 8.8 |
| 2018-11-30 | CVE-2018-7806 | Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Operation Data Center Operation allows for the upload of a zip file from its user interface to the server. | 8.8 |