Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2018-06-07 CVE-2017-16092 Path Traversal vulnerability in Sencisho Project Sencisho
Sencisho is a simple http server for local development.
network
low complexity
sencisho-project CWE-22
7.5
7.5
2018-06-07 CVE-2017-16091 Path Traversal vulnerability in Xtalk Project Xtalk
xtalk helps your browser talk to nodex, a simple web framework.
network
low complexity
xtalk-project CWE-22
7.5
7.5
2018-06-07 CVE-2017-16090 Path Traversal vulnerability in Fsk-Server Project Fsk-Server
fsk-server is a simple http server.
network
low complexity
fsk-server-project CWE-22
7.5
7.5
2018-06-07 CVE-2017-16089 Path Traversal vulnerability in Serverlyr Project Serverlyr
serverlyr is a simple http server.
network
low complexity
serverlyr-project CWE-22
7.5
7.5
2018-06-07 CVE-2017-16085 Path Traversal vulnerability in Tinyserver2 Project Tinyserver2 0.5.0/0.5.1/0.5.2
tinyserver2 is a webserver for static files.
network
low complexity
tinyserver2-project CWE-22
7.5
7.5
2018-06-07 CVE-2017-16084 Path Traversal vulnerability in List-N-Stream Project List-N-Stream
list-n-stream is a server for static files to list and stream local videos.
network
low complexity
list-n-stream-project CWE-22
7.5
7.5
2018-06-07 CVE-2017-16083 Path Traversal vulnerability in Node-Simple-Router
node-simple-router is a minimalistic router for Node.
network
low complexity
node-simple-router CWE-22
7.5
7.5
2018-06-05 CVE-2018-10057 Path Traversal vulnerability in multiple products
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
network
low complexity
bfgminer cgminer-project CWE-22
6.5
6.5
2018-06-05 CVE-2018-1000194 Path Traversal vulnerability in multiple products
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
network
low complexity
jenkins oracle CWE-22
8.1
8.1
2018-06-05 CVE-2018-8008 Path Traversal vulnerability in Apache Storm
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames.
local
low complexity
apache CWE-22
5.5
5.5