Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-29 | CVE-2018-19748 | Path Traversal vulnerability in Sdcms 1.6 app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. | 7.5 |
| 2018-11-29 | CVE-2018-19666 | Path Traversal vulnerability in multiple products The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | 7.8 |
| 2018-11-27 | CVE-2018-13332 | Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03 Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | 7.5 |
| 2018-11-27 | CVE-2018-17934 | Path Traversal vulnerability in Nuuo CMS NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. | 9.8 |
| 2018-11-26 | CVE-2018-13322 | Path Traversal vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | 6.5 |
| 2018-11-17 | CVE-2018-19329 | Path Traversal vulnerability in Greencms 2.3.0603 GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button. | 4.9 |
| 2018-11-17 | CVE-2018-19328 | Path Traversal vulnerability in Laobancms 2.0 LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | 9.8 |
| 2018-11-17 | CVE-2018-19326 | Path Traversal vulnerability in Zyxel Vmg1312-B10D Firmware Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | 7.5 |
| 2018-11-16 | CVE-2018-1797 | Path Traversal vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. | 5.5 |
| 2018-11-15 | CVE-2018-0693 | Path Traversal vulnerability in Soliton Filezen Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | 7.5 |