Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-11-06 CVE-2018-16473 Path Traversal vulnerability in Takeapeek Project Takeapeek
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
network
low complexity
takeapeek-project CWE-22
5.3
2018-11-06 CVE-2018-9459 Path Traversal vulnerability in Google Android
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error.
network
low complexity
google CWE-22
8.8
2018-11-06 CVE-2018-9445 Path Traversal vulnerability in Google Android
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy.
low complexity
google CWE-22
6.8
2018-11-05 CVE-2018-18950 Path Traversal vulnerability in Kindeditor
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php.
network
low complexity
kindeditor CWE-22
7.5
2018-11-05 CVE-2018-18936 Path Traversal vulnerability in Popojicms 2.0.1
An issue was discovered in PopojiCMS v2.0.1.
network
low complexity
popojicms CWE-22
7.5
2018-11-01 CVE-2018-18777 Path Traversal vulnerability in Microstrategy web 7
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
network
low complexity
microstrategy CWE-22
4.3
2018-11-01 CVE-2018-18890 Path Traversal vulnerability in 1234N Minicms 1.10
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
network
low complexity
1234n CWE-22
5.3
2018-10-31 CVE-2018-15706 Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
network
low complexity
advantech CWE-22
6.5
2018-10-31 CVE-2018-15705 Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API.
network
low complexity
advantech CWE-22
6.5
2018-10-31 CVE-2018-11759 Path Traversal vulnerability in multiple products
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly.
network
low complexity
apache debian redhat CWE-22
7.5