Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-03 | CVE-2017-1000472 | Path Traversal vulnerability in multiple products: The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | 6.5 |
2018-01-03 | CVE-2017-1000490 | Path Traversal vulnerability in multiple products: Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | 6.5 |
2018-01-03 | CVE-2017-1000501 | Path Traversal vulnerability in multiple products: Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | 9.8 |
2018-01-02 | CVE-2017-1000448 | Path Traversal vulnerability in Structured-Data Structured Data Linter: Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | 7.5 |
2018-01-02 | CVE-2017-9965 | Path Traversal vulnerability in Schneider-Electric Pelco Videoxpert: An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. | 5.8 |
2018-01-02 | CVE-2017-9964 | Path Traversal vulnerability in Schneider-Electric Pelco Videoxpert: A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. | 6.9 |
2017-12-30 | CVE-2017-17992 | Path Traversal vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0: Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | 9.8 |
2017-12-27 | CVE-2015-7669 | Path Traversal vulnerability in Easy2Map: Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | 9.8 |
2017-12-27 | CVE-2017-17927 | Path Traversal vulnerability in Ordermanagementscript Professional Service Script: PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | 5.3 |
2017-12-27 | CVE-2017-17924 | Path Traversal vulnerability in Ordermanagementscript Professional Service Script: PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | 5.3 |