Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2018-04-18 | CVE-2018-1000161 | Path Traversal vulnerability in Nmap | 5.7
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it.
network, low complexity, nmap, CWE-22

2018-04-18 | CVE-2018-5337 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 | 9.8 (critical)
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
network, low complexity, zohocorp, CWE-22

2018-04-17 | CVE-2018-7539 | Path Traversal vulnerability in Appeartv Xc5000 Firmware and Xc5100 Firmware | 9.8 (critical)
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088.
network, low complexity, appeartv, CWE-22

2018-04-17 | CVE-2018-5430 | Path Traversal vulnerability in Tibco products | 8.8
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
network, low complexity, tibco, CWE-22

2018-04-17 | CVE-2017-6020 | Path Traversal vulnerability in Lcds Laquis Scada 4.1 | 5.3
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
network, low complexity, lcds, CWE-22

2018-04-16 | CVE-2018-10122 | Path Traversal vulnerability in Chanzhi Pro1.6 | 7.5
QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.
network, low complexity, chanzhi, CWE-22

2018-04-16 | CVE-2014-2069 | Path Traversal vulnerability in Eshtery.She7Ata Eshtery CMS | 7.5
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
network, low complexity, eshtery-she7ata, CWE-22

2018-04-13 | CVE-2018-10083 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple | 7.5
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
network, low complexity, cmsmadesimple, CWE-22

2018-04-12 | CVE-2018-1079 | Path Traversal vulnerability in multiple products | 6.5
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call.
network, low complexity, clusterlabs, redhat, CWE-22

2018-04-12 | CVE-2018-9118 | Path Traversal vulnerability in 99Robots WP Background Takeover Advertisements | 7.5
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a ..
network, low complexity, 99robots, CWE-22