Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-05-26 CVE-2018-11495 Path Traversal vulnerability in Opencart
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id.
network
low complexity
opencart CWE-22
4.9
2018-05-24 CVE-2017-9664 Path Traversal vulnerability in ABB Srea-01 Firmware and Srea-50 Firmware
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths.
network
low complexity
abb CWE-22
critical
9.8
2018-05-24 CVE-2018-11413 Path Traversal vulnerability in Bearadmin Project Bearadmin 0.5
An issue was discovered in BearAdmin 0.5.
network
low complexity
bearadmin-project CWE-22
6.5
2018-05-23 CVE-2018-10357 Path Traversal vulnerability in Trendmicro Endpoint Application Control 2.0
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet.
network
low complexity
trendmicro CWE-22
8.8
2018-05-22 CVE-2018-11344 Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
network
low complexity
asustor CWE-22
6.5
2018-05-22 CVE-2018-11342 Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
network
low complexity
asustor CWE-22
4.3
2018-05-22 CVE-2018-11341 Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
network
low complexity
asustor CWE-22
7.2
2018-05-20 CVE-2018-11319 Path Traversal vulnerability in multiple products
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root).
network
high complexity
syntastic-project debian CWE-22
7.5
2018-05-18 CVE-2018-11248 Path Traversal vulnerability in Liulishuo Filedownloader 1.7.3
util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name.
network
low complexity
liulishuo CWE-22
critical
9.8
2018-05-17 CVE-2018-0323 Path Traversal vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.7.1
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system.
network
low complexity
cisco CWE-22
6.5