Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-03-05 CVE-2017-16922 Path Traversal vulnerability in Wowza Streaming Engine
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
network
low complexity
wowza CWE-22
5.3
2018-03-05 CVE-2018-1316 Path Traversal vulnerability in Apache ODE
The ODE process deployment web service was susceptible to deployment messages with forged names.
network
low complexity
apache CWE-22
7.5
2018-03-04 CVE-2018-7654 Path Traversal vulnerability in 3CX 15.5.6354.2
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
network
low complexity
3cx CWE-22
6.5
2018-03-01 CVE-2018-7586 Path Traversal vulnerability in Imagely Nextgen Gallery
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
network
low complexity
imagely CWE-22
7.5
2018-03-01 CVE-2018-2380 Path Traversal vulnerability in SAP Customer Relationship Management
SAP CRM 7.01, 7.02, 7.30, 7.31, 7.33, 7.54 allows an attacker to exploit insufficient validation of path information provided by users, so that characters representing "traverse to parent directory" are passed through to the file APIs.
network
low complexity
sap CWE-22
6.6
2018-03-01 CVE-2018-2367 Path Traversal vulnerability in SAP Business Application Software Integrated Solution
ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, so that characters representing "traverse to parent directory" are passed through to the file APIs.
network
low complexity
sap CWE-22
8.8
2018-02-28 CVE-2015-5079 Path Traversal vulnerability in Blackcat-Cms Blackcat CMS
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a ..
network
low complexity
blackcat-cms CWE-22
7.5
2018-02-28 CVE-2017-9447 Path Traversal vulnerability in Parallels Remote Application Server 15.5
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory.
network
low complexity
parallels CWE-22
7.5
2018-02-28 CVE-2018-7482 Path Traversal vulnerability in Joomlaworks K2 2.8.0
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request.
network
low complexity
joomlaworks CWE-22
7.5
2018-02-27 CVE-2018-7467 Path Traversal vulnerability in Axxonsoft Next
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
network
low complexity
axxonsoft CWE-22
7.5