Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-12-18 | CVE-2017-17739 | Path Traversal vulnerability in Brightsign 4K242 Firmware 6.2.63 | critical 9.8
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
network, low complexity, brightsign, CWE-22

2017-12-16 | CVE-2017-17715 | Path Traversal vulnerability in Telegram Messenger | 8.8
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
network, low complexity, telegram, CWE-22

2017-12-15 | CVE-2017-16788 | Path Traversal vulnerability in Meinbergglobal Lantime Firmware | 7.2
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
network, low complexity, meinbergglobal, CWE-22

2017-12-14 | CVE-2017-17671 | Path Traversal vulnerability in Vbulletin | critical 9.8
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked.
network, low complexity, vbulletin, CWE-22

2017-12-11 | CVE-2017-1548 | Path Traversal vulnerability in IBM Sterling File Gateway 2.2 | 5.3
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system.
network, low complexity, ibm, CWE-22

2017-12-08 | CVE-2017-15895 | Path Traversal vulnerability in Synology Router Manager | 6.5
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network, low complexity, synology, CWE-22

2017-12-08 | CVE-2017-15894 | Path Traversal vulnerability in Synology Diskstation Manager | 6.5
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network, low complexity, synology, CWE-22

2017-12-08 | CVE-2017-15893 | Path Traversal vulnerability in Synology File Station | 6.5
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
network, low complexity, synology, CWE-22

2017-12-05 | CVE-2017-16929 | Path Traversal vulnerability in Claymore Dual Miner Project Claymore Dual Miner 10.1 | 8.1
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files.
network, low complexity, claymore-dual-miner-project, CWE-22

2017-12-01 | CVE-2017-10861 | Path Traversal vulnerability in Qualitysoft QND Advance/Standard | critical 9.1
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
network, low complexity, qualitysoft, CWE-22