Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000083 | Path Traversal vulnerability in Ajenti 2 Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. | 5.3 |
| 2018-03-13 | CVE-2018-1000079 | Path Traversal vulnerability in Rubygems RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. | 5.5 |
| 2018-03-09 | CVE-2017-17223 | Path Traversal vulnerability in Huawei products Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. | 8.8 |
| 2018-03-09 | CVE-2018-0525 | Path Traversal vulnerability in Jubat Jubatus Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 5.3 |
| 2018-03-06 | CVE-2018-6810 | Path Traversal vulnerability in Citrix products Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. | 7.5 |
| 2018-03-05 | CVE-2017-16922 | Path Traversal vulnerability in Wowza Streaming Engine In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request. | 5.3 |
| 2018-03-05 | CVE-2018-1316 | Path Traversal vulnerability in Apache ODE The ODE process deployment web service was sensible to deployment messages with forged names. | 7.5 |
| 2018-03-04 | CVE-2018-7654 | Path Traversal vulnerability in 3CX 15.5.6354.2 On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | 6.5 |
| 2018-03-01 | CVE-2018-7586 | Path Traversal vulnerability in Imagely Nextgen Gallery In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 7.5 |
| 2018-03-01 | CVE-2018-2380 | Path Traversal vulnerability in SAP Customer Relationship Management SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.6 |