Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-07-05 CVE-2018-12976 Path Traversal vulnerability in Godoc GO DOC DOT ORG 20180627
In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.
network
low complexity
godoc CWE-22
critical
9.8
2018-07-05 CVE-2018-3766 Path Traversal vulnerability in Buttle Project Buttle
Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server.
network
low complexity
buttle-project CWE-22
7.5
2018-07-03 CVE-2018-11051 Path Traversal vulnerability in EMC RSA Certificate Manager 6.9
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server.
network
low complexity
emc CWE-22
7.5
2018-07-03 CVE-2018-7771 Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.
network
low complexity
schneider-electric CWE-22
8.0
2018-07-03 CVE-2018-7770 Path Traversal vulnerability in Schneider-Electric U.Motion
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.
network
low complexity
schneider-electric CWE-22
6.5
2018-07-03 CVE-2018-7764 Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4.
network
low complexity
schneider-electric CWE-22
4.3
2018-07-03 CVE-2018-7763 Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1
The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.
network
low complexity
schneider-electric CWE-22
4.3
2018-06-29 CVE-2018-10860 Path Traversal vulnerability in multiple products
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip.
7.5
2018-06-28 CVE-2017-16859 Path Traversal vulnerability in Atlassian Crucible
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
network
low complexity
atlassian CWE-22
6.5
2018-06-27 CVE-2018-12909 Path Traversal vulnerability in Webgrind Project Webgrind 1.5.0
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI.
network
low complexity
webgrind-project CWE-22
7.5