Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | RISK

2018-04-04 | CVE-2018-9205 | Path Traversal vulnerability in Drupal Avatar Uploader 7.X1.0
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
Attack vector: network | Complexity: low | Vendors: drupal | CWE-22 | Risk: 7.5

2018-04-03 | CVE-2018-8780 | Path Traversal vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters.
Attack vector: network | Complexity: low | Vendors: ruby-lang, canonical, debian | CWE-22 | Risk: critical 9.1

2018-04-03 | CVE-2018-6914 | Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a ..
Attack vector: network | Complexity: low | Vendors: ruby-lang, canonical, debian, redhat | CWE-22 | Risk: 7.5

2018-04-02 | CVE-2018-6660 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
Attack vector: network | Complexity: low | Vendors: mcafee | CWE-22 | Risk: 4.9

2018-03-31 | CVE-2018-9159 | Path Traversal vulnerability in Sparkjava Spark
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences.
Attack vector: network | Complexity: low | Vendors: sparkjava | CWE-22 | Risk: 5.3

2018-03-30 | CVE-2018-7171 | Path Traversal vulnerability in Lynxtechnology Twonky Server
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a ..
Attack vector: network | Complexity: low | Vendors: lynxtechnology | CWE-22 | Risk: 7.5

2018-03-30 | CVE-2018-3822 | Path Traversal vulnerability in Elastic X-Pack 6.2.0/6.2.1/6.2.2
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal.
Attack vector: network | Complexity: low | Vendors: elastic | CWE-22 | Risk: critical 9.8

2018-03-29 | CVE-2018-9117 | Path Traversal vulnerability in Wiremock
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.
Attack vector: network | Complexity: low | Vendors: wiremock | CWE-22 | Risk: 5.3

2018-03-28 | CVE-2018-9110 | Path Traversal vulnerability in Std42 Elfinder
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
Attack vector: network | Complexity: low | Vendors: std42 | CWE-22 | Risk: critical 9.1

2018-03-28 | CVE-2018-9109 | Path Traversal vulnerability in Std42 Elfinder
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
Attack vector: network | Complexity: low | Vendors: std42 | CWE-22 | Risk: critical 9.1