Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-28 | CVE-2018-7482 | Path Traversal vulnerability in Joomlaworks K2 2.8.0 The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. | 7.5 |
| 2018-02-27 | CVE-2018-7467 | Path Traversal vulnerability in Axxonsoft Next AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | 7.5 |
| 2018-02-27 | CVE-2018-7172 | Path Traversal vulnerability in Wondercms In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. | 4.9 |
| 2018-02-26 | CVE-2018-7490 | Path Traversal vulnerability in multiple products uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. | 7.5 |
| 2018-02-26 | CVE-2017-16814 | Path Traversal vulnerability in Foxitsoftware Mobilepdf A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. | 5.5 |
| 2018-02-26 | CVE-2018-7486 | Path Traversal vulnerability in Blueriver Muracms Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. | 7.2 |
| 2018-02-24 | CVE-2018-7434 | Path Traversal vulnerability in Zzcms 8.2 zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. | 5.3 |
| 2018-02-23 | CVE-2018-7442 | Path Traversal vulnerability in Leptonica An issue was discovered in Leptonica through 1.75.3. | 9.1 |
| 2018-02-23 | CVE-2017-18196 | Path Traversal vulnerability in Leptonica 1.74.4 Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. | 3.3 |
| 2018-02-22 | CVE-2018-7300 | Path Traversal vulnerability in Eq-3 Homematic Ccu2 Firmware Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. | 9.8 |