Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-05-31 CVE-2014-10066 Path Traversal vulnerability in Fancy-Server Project Fancy-Server
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal.
network
low complexity
fancy-server-project CWE-22
7.5
2018-05-31 CVE-2018-11141 Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal.
network
low complexity
quest CWE-22
critical
9.8
2018-05-31 CVE-2018-11137 Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal.
network
low complexity
quest CWE-22
6.5
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
7.8
2018-05-29 CVE-2018-3744 Path Traversal vulnerability in Html-Pages Project Html-Pages 2.0.7
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
network
low complexity
html-pages-project CWE-22
critical
9.8
2018-05-29 CVE-2018-3734 Path Traversal vulnerability in Stattic Project Stattic 0.2.3
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.
network
low complexity
stattic-project CWE-22
7.5
2018-05-29 CVE-2018-3733 Path Traversal vulnerability in Crud-File-Server Project Crud-File-Server
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.
network
low complexity
crud-file-server-project CWE-22
7.5
2018-05-29 CVE-2017-16153 Path Traversal vulnerability in Gaoxuyan Project Gaoxuyan
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
network
low complexity
gaoxuyan-project CWE-22
7.5
2018-05-29 CVE-2014-10068 Path Traversal vulnerability in Hapi Inert 1.0.0/1.1.0
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.
network
low complexity
hapi CWE-22
7.5
2018-05-26 CVE-2018-6409 Path Traversal vulnerability in Machform 4.2.3
An issue was discovered in Appnitro MachForm before 4.2.3.
network
low complexity
machform CWE-22
5.3