Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-47279 | Path Traversal vulnerability in Deltaww Infrasuite Device Master 1.0.7 In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | 7.5 |
| 2023-11-30 | CVE-2021-35975 | Path Traversal vulnerability in Systematica products Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. | 5.3 |
| 2023-11-30 | CVE-2023-46690 | Path Traversal vulnerability in Deltaww Infrasuite Device Master 1.0.7 In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | 8.8 |
| 2023-11-30 | CVE-2023-6352 | Path Traversal vulnerability in Aquaforest Tiff Server 4.2.210913 The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. | 5.3 |
| 2023-11-30 | CVE-2023-47464 | Path Traversal vulnerability in Gl-Inet Gl-Ax1800 Firmware 4.0.0/4.3.7/4.4.6 Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. | 8.8 |
| 2023-11-29 | CVE-2023-46886 | Path Traversal vulnerability in Dreamer CMS Project Dreamer CMS Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. | 9.1 |
| 2023-11-28 | CVE-2023-48848 | Path Traversal vulnerability in Ureport Project Ureport 2.2.9 An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | 7.5 |
| 2023-11-28 | CVE-2023-3533 | Path Traversal vulnerability in Chamilo Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write. | 9.8 |
| 2023-11-27 | CVE-2023-5885 | Path Traversal vulnerability in Franklinfueling Colibri Firmware The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | 6.5 |
| 2023-11-27 | CVE-2023-42000 | Path Traversal vulnerability in Arcserve UDP Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). | 9.8 |