Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-26 | CVE-2018-11495 | Path Traversal vulnerability in Opencart OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. | 4.9 |
2018-05-24 | CVE-2017-9664 | Path Traversal vulnerability in ABB Srea-01 Firmware and Srea-50 Firmware In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. | 9.8 |
2018-05-24 | CVE-2018-11413 | Path Traversal vulnerability in Bearadmin Project Bearadmin 0.5 An issue was discovered in BearAdmin 0.5. | 6.5 |
2018-05-23 | CVE-2018-10357 | Path Traversal vulnerability in Trendmicro Endpoint Application Control 2.0 A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. | 8.8 |
2018-05-22 | CVE-2018-11344 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | 6.5 |
2018-05-22 | CVE-2018-11342 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. | 4.3 |
2018-05-22 | CVE-2018-11341 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. | 7.2 |
2018-05-20 | CVE-2018-11319 | Path Traversal vulnerability in multiple products Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). | 7.5 |
2018-05-18 | CVE-2018-11248 | Path Traversal vulnerability in Liulishuo Filedownloader 1.7.3 util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. | 9.8 |
2018-05-17 | CVE-2018-0323 | Path Traversal vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.7.1 A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. | 6.5 |