Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-08 | CVE-2018-5283 | Path Traversal vulnerability in Photos in Wifi Project Photos in Wifi 1.0.1 The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | 7.5 |
| 2018-01-08 | CVE-2018-5291 | Path Traversal vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | 7.5 |
| 2018-01-08 | CVE-2018-5290 | Path Traversal vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | 7.5 |
| 2018-01-08 | CVE-2018-5289 | Path Traversal vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | 7.5 |
| 2018-01-08 | CVE-2018-5287 | Path Traversal vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | 7.5 |
| 2018-01-05 | CVE-2017-15550 | Path Traversal vulnerability in EMC products An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. | 8.8 |
| 2018-01-05 | CVE-2017-16720 | Path Traversal vulnerability in Advantech Webaccess A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. | 9.8 |
| 2018-01-03 | CVE-2017-1000472 | Path Traversal vulnerability in multiple products The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | 6.5 |
| 2018-01-03 | CVE-2017-1000490 | Path Traversal vulnerability in multiple products Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | 6.5 |
| 2018-01-03 | CVE-2017-1000501 | Path Traversal vulnerability in multiple products Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | 9.8 |