Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-10 | CVE-2018-9038 | Path Traversal vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. | 6.5 |
| 2018-04-08 | CVE-2018-9851 | Path Traversal vulnerability in Gxlcms QY 1.0.0713 In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence. | 7.5 |
| 2018-04-08 | CVE-2018-9850 | Path Traversal vulnerability in Gxlcms QY 1.0.0713 In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. | 7.5 |
| 2018-04-07 | CVE-2018-9331 | Path Traversal vulnerability in Zzcms 8.2 An issue was discovered in zzcms 8.2. | 7.5 |
| 2018-04-04 | CVE-2018-9205 | Path Traversal vulnerability in Drupal Avatar Uploader 7.X1.0 Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | 7.5 |
| 2018-04-03 | CVE-2018-8780 | Path Traversal vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. | 9.1 |
| 2018-04-03 | CVE-2018-6914 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. | 7.5 |
| 2018-04-02 | CVE-2018-6660 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | 4.9 |
| 2018-03-31 | CVE-2018-9159 | Path Traversal vulnerability in Sparkjava Spark In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. | 5.3 |
| 2018-03-30 | CVE-2018-7171 | Path Traversal vulnerability in Lynxtechnology Twonky Server Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. | 7.5 |