Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-04-20 CVE-2018-10201 Path Traversal vulnerability in Ncomputing Vspace PRO 10/11
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11.
network
low complexity
ncomputing CWE-22
7.5
2018-04-18 CVE-2018-1000161 Path Traversal vulnerability in Nmap
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it.
network
low complexity
nmap CWE-22
5.7
2018-04-18 CVE-2018-5337 Path Traversal vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
network
low complexity
zohocorp CWE-22
critical
9.8
2018-04-17 CVE-2018-7539 Path Traversal vulnerability in Appeartv Xc5000 Firmware and Xc5100 Firmware
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088.
network
low complexity
appeartv CWE-22
critical
9.8
2018-04-17 CVE-2018-5430 Path Traversal vulnerability in Tibco products
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
network
low complexity
tibco CWE-22
8.8
2018-04-17 CVE-2017-6020 Path Traversal vulnerability in Lcds Laquis Scada 4.1
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
network
low complexity
lcds CWE-22
5.3
2018-04-16 CVE-2018-10122 Path Traversal vulnerability in Chanzhi Pro1.6
QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.
network
low complexity
chanzhi CWE-22
7.5
2018-04-16 CVE-2014-2069 Path Traversal vulnerability in Eshtery.She7Ata Eshtery CMS
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
network
low complexity
eshtery-she7ata CWE-22
7.5
2018-04-13 CVE-2018-10083 Path Traversal vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
network
low complexity
cmsmadesimple CWE-22
7.5
2018-04-12 CVE-2018-1079 Path Traversal vulnerability in multiple products
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call.
network
low complexity
clusterlabs redhat CWE-22
6.5