Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2015-7669 | Path Traversal vulnerability in Easy2Map Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | 9.8 |
| 2017-12-27 | CVE-2017-17927 | Path Traversal vulnerability in Ordermanagementscript Professional Service Script PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | 5.3 |
| 2017-12-27 | CVE-2017-17924 | Path Traversal vulnerability in Ordermanagementscript Professional Service Script PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | 5.3 |
| 2017-12-22 | CVE-2017-15309 | Path Traversal vulnerability in Huawei Ireader Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. | 7.1 |
| 2017-12-22 | CVE-2017-10907 | Path Traversal vulnerability in Spiqe Onethird CMS Show OFF 1.85 Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. | 4.3 |
| 2017-12-20 | CVE-2017-5261 | Path Traversal vulnerability in Cambiumnetworks products In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | 8.8 |
| 2017-12-20 | CVE-2017-15532 | Path Traversal vulnerability in Symantec Messaging Gateway Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). | 5.7 |
| 2017-12-18 | CVE-2017-17739 | Path Traversal vulnerability in Brightsign 4K242 Firmware 6.2.63 The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | 9.8 |
| 2017-12-16 | CVE-2017-17715 | Path Traversal vulnerability in Telegram Messenger The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | 8.8 |
| 2017-12-15 | CVE-2017-16788 | Path Traversal vulnerability in Meinbergglobal Lantime Firmware Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | 7.2 |