Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-04-02 | CVE-2018-6660 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator | Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | 4.9 |
2018-03-31 | CVE-2018-9159 | Path Traversal vulnerability in Sparkjava Spark | In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. | 5.3 |
2018-03-30 | CVE-2018-7171 | Path Traversal vulnerability in Lynxtechnology Twonky Server | Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. | 7.5 |
2018-03-30 | CVE-2018-3822 | Path Traversal vulnerability in Elastic X-Pack 6.2.0/6.2.1/6.2.2 | X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. | 9.8 |
2018-03-29 | CVE-2018-9117 | Path Traversal vulnerability in Wiremock | WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | 5.3 |
2018-03-28 | CVE-2018-9110 | Path Traversal vulnerability in Std42 Elfinder | Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | 9.1 |
2018-03-28 | CVE-2018-9109 | Path Traversal vulnerability in Std42 Elfinder | Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | 9.1 |
2018-03-26 | CVE-2017-12815 | Path Traversal vulnerability in Bomgar Remote Support | Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. | 10.0 |
2018-03-26 | CVE-2018-1204 | Path Traversal vulnerability in Dell EMC Isilon Onefs | Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. | 6.7 |
2018-03-25 | CVE-2018-9010 | Path Traversal vulnerability in Intelbras Tip200 Firmware and Tip200Lite Firmware | Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. | 7.2 |