Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-06 | CVE-2018-16473 | Path Traversal vulnerability in Takeapeek Project Takeapeek A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | 5.3 |
| 2018-11-06 | CVE-2018-9459 | Path Traversal vulnerability in Google Android In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. | 8.8 |
| 2018-11-06 | CVE-2018-9445 | Path Traversal vulnerability in Google Android In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. | 6.8 |
| 2018-11-05 | CVE-2018-18950 | Path Traversal vulnerability in Kindeditor KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. | 7.5 |
| 2018-11-05 | CVE-2018-18936 | Path Traversal vulnerability in Popojicms 2.0.1 An issue was discovered in PopojiCMS v2.0.1. | 7.5 |
| 2018-11-01 | CVE-2018-18777 | Path Traversal vulnerability in Microstrategy web 7 Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. | 4.3 |
| 2018-11-01 | CVE-2018-18890 | Path Traversal vulnerability in 1234N Minicms 1.10 MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. | 5.3 |
| 2018-10-31 | CVE-2018-15706 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 6.5 |
| 2018-10-31 | CVE-2018-15705 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. | 6.5 |
| 2018-10-31 | CVE-2018-11759 | Path Traversal vulnerability in multiple products The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. | 7.5 |