Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-04-12 CVE-2018-9118 Path Traversal vulnerability in 99Robots WP Background Takeover Advertisements
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a ..
network
low complexity
99robots CWE-22
7.5
2018-04-10 CVE-2018-9038 Path Traversal vulnerability in Monstra 3.0.4
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
network
low complexity
monstra CWE-22
6.5
2018-04-08 CVE-2018-9851 Path Traversal vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
network
low complexity
gxlcms CWE-22
7.5
2018-04-08 CVE-2018-9850 Path Traversal vulnerability in Gxlcms QY 1.0.0713
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
network
low complexity
gxlcms CWE-22
7.5
2018-04-07 CVE-2018-9331 Path Traversal vulnerability in Zzcms 8.2
An issue was discovered in zzcms 8.2.
network
low complexity
zzcms CWE-22
7.5
2018-04-04 CVE-2018-9205 Path Traversal vulnerability in Drupal Avatar Uploader 7.X1.0
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
network
low complexity
drupal CWE-22
7.5
2018-04-03 CVE-2018-8780 Path Traversal vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters.
network
low complexity
ruby-lang canonical debian CWE-22
critical
9.1
2018-04-03 CVE-2018-6914 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a ..
network
low complexity
ruby-lang canonical debian redhat CWE-22
7.5
2018-04-02 CVE-2018-6660 Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
network
low complexity
mcafee CWE-22
4.9
2018-03-31 CVE-2018-9159 Path Traversal vulnerability in Sparkjava Spark
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences.
network
low complexity
sparkjava CWE-22
5.3