Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-11-28 | CVE-2023-3533 | Path Traversal vulnerability in Chamilo | Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write. | network | low complexity | chamilo | CWE-22 | critical 9.8 |
| 2023-11-27 | CVE-2023-5885 | Path Traversal vulnerability in Franklinfueling Colibri Firmware | The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | network | low complexity | franklinfueling | CWE-22 | 6.5 |
| 2023-11-27 | CVE-2023-42000 | Path Traversal vulnerability in Arcserve UDP | Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). | network | low complexity | arcserve | CWE-22 | critical 9.8 |
| 2023-11-27 | CVE-2023-6307 | Path Traversal vulnerability in Jeecg Jimureport | A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. | network | low complexity | jeecg | CWE-22 | critical 9.8 |
| 2023-11-22 | CVE-2023-6265 | Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4/1.5.1.5 | ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. | network | low complexity | draytek | CWE-22 | 8.1 |
| 2023-11-22 | CVE-2023-47251 | Path Traversal vulnerability in M-Privacy Mprivacy-Tools and Tightgatevnc | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | network | low complexity | m-privacy | CWE-22 | 6.5 |
| 2023-11-22 | CVE-2023-47467 | Path Traversal vulnerability in Jeecg Jeecg-Boot 3.6.0 | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | network | low complexity | jeecg | CWE-22 | 6.5 |
| 2023-11-22 | CVE-2023-47313 | Path Traversal vulnerability in H-Mdm Headwind MDM 5.22.1 | Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. | network | low complexity | h-mdm | CWE-22 | 5.4 |
| 2023-11-22 | CVE-2023-6160 | Path Traversal vulnerability in Lifterlms | The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. | network | low complexity | lifterlms | CWE-22 | 6.7 |
| 2023-11-22 | CVE-2023-6252 | Path Traversal vulnerability in Hyphensolutions Chameleon Power 1.0 | Path traversal vulnerability in Chameleon Power framework, affecting the getImage parameter. | network | low complexity | hyphensolutions | CWE-22 | 7.5 |