Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2018-11141 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. | 9.8 |
| 2018-05-31 | CVE-2018-11137 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. | 6.5 |
| 2018-05-30 | CVE-2018-11235 | Path Traversal vulnerability in multiple products In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. | 7.8 |
| 2018-05-29 | CVE-2018-3744 | Path Traversal vulnerability in Html-Pages Project Html-Pages 2.0.7 The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. | 9.8 |
| 2018-05-29 | CVE-2018-3734 | Path Traversal vulnerability in Stattic Project Stattic 0.2.3 stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | 7.5 |
| 2018-05-29 | CVE-2018-3733 | Path Traversal vulnerability in Crud-File-Server Project Crud-File-Server crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | 7.5 |
| 2018-05-29 | CVE-2017-16153 | Path Traversal vulnerability in Gaoxuyan Project Gaoxuyan gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 7.5 |
| 2018-05-29 | CVE-2014-10068 | Path Traversal vulnerability in Hapi Inert 1.0.0/1.1.0 The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | 7.5 |
| 2018-05-26 | CVE-2018-6409 | Path Traversal vulnerability in Machform 4.2.3 An issue was discovered in Appnitro MachForm before 4.2.3. | 5.3 |
| 2018-05-26 | CVE-2018-11495 | Path Traversal vulnerability in Opencart OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. | 4.9 |