Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-08-27 CVE-2018-15694 Path Traversal vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability.
network
high complexity
asustor CWE-22
7.5
2018-08-24 CVE-2018-15536 Path Traversal vulnerability in Tecrail Responsive Filemanager
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
local
low complexity
tecrail CWE-22
5.5
2018-08-24 CVE-2018-15535 Path Traversal vulnerability in Tecrail Responsive Filemanager
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
network
low complexity
tecrail CWE-22
7.5
2018-08-22 CVE-2017-2627 Path Traversal vulnerability in multiple products
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11.
local
low complexity
redhat openstack CWE-22
8.2
2018-08-21 CVE-2018-14795 Path Traversal vulnerability in Emerson Deltav
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.
network
low complexity
emerson CWE-22
8.8
2018-08-20 CVE-2018-1656 Path Traversal vulnerability in multiple products
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files.
network
low complexity
ibm redhat oracle CWE-22
6.5
2018-08-20 CVE-2017-16744 Path Traversal vulnerability in Tridium Niagara and Niagara AX Framework
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
network
low complexity
tridium CWE-22
7.2
2018-08-18 CVE-2018-15495 Path Traversal vulnerability in Tecrail Responsive Filemanager
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
network
low complexity
tecrail CWE-22
7.5
2018-08-15 CVE-2018-10510 Path Traversal vulnerability in Trendmicro Control Manager 6.0/7.0
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-22
critical
9.8
2018-08-15 CVE-2018-14007 Path Traversal vulnerability in Citrix Xenserver 7.1/7.4/7.5
Citrix XenServer 7.1 and newer allows Directory Traversal.
network
low complexity
citrix CWE-22
critical
9.8