Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-28 | CVE-2018-17605 | Path Traversal vulnerability in Asset Pipeline Project Asset-Pipeline An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. | 7.5 |
| 2018-09-28 | CVE-2018-14957 | Path Traversal vulnerability in Isweb 3.5.3 CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | 9.8 |
| 2018-09-27 | CVE-2018-7102 | Path Traversal vulnerability in HP Intelligent Management Center A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification. | 7.5 |
| 2018-09-26 | CVE-2018-17365 | Path Traversal vulnerability in Seacms 6.64/7.2 SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | 7.5 |
| 2018-09-26 | CVE-2018-16968 | Path Traversal vulnerability in Citrix Sharefile Storagezones Controller Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | 3.1 |
| 2018-09-24 | CVE-2018-10501 | Path Traversal vulnerability in Samsung Notes This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. | 7.0 |
| 2018-09-24 | CVE-2018-16299 | Path Traversal vulnerability in Localize MY Post Project Localize MY Post 1.0 The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. | 7.5 |
| 2018-09-24 | CVE-2018-16283 | Path Traversal vulnerability in Wechat Brodcast Project Wechat Brodcast The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. | 9.8 |
| 2018-09-21 | CVE-2018-17297 | Path Traversal vulnerability in Hutool The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | 7.5 |
| 2018-09-20 | CVE-2018-6500 | Path Traversal vulnerability in HP Arcsight Management Center 2.0/2.9.1 A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. | 7.5 |