Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-01 | CVE-2018-2367 | Path Traversal vulnerability in SAP Business Application Software Integrated Solution: ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 8.8 |
2018-02-28 | CVE-2015-5079 | Path Traversal vulnerability in Blackcat-Cms Blackcat CMS: Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. | 7.5 |
2018-02-28 | CVE-2017-9447 | Path Traversal vulnerability in Parallels Remote Application Server 15.5: In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. | 7.5 |
2018-02-28 | CVE-2018-7482 | Path Traversal vulnerability in Joomlaworks K2 2.8.0: The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. | 7.5 |
2018-02-27 | CVE-2018-7467 | Path Traversal vulnerability in Axxonsoft Next: AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | 7.5 |
2018-02-27 | CVE-2018-7172 | Path Traversal vulnerability in Wondercms: In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. | 4.9 |
2018-02-26 | CVE-2018-7490 | Path Traversal vulnerability in multiple products: uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. | 7.5 |
2018-02-26 | CVE-2017-16814 | Path Traversal vulnerability in Foxitsoftware Mobilepdf: A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. | 5.5 |
2018-02-26 | CVE-2018-7486 | Path Traversal vulnerability in Blueriver Muracms: Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. | 7.2 |
2018-02-24 | CVE-2018-7434 | Path Traversal vulnerability in Zzcms 8.2: zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. | 5.3 |