Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-6583 | Path Traversal vulnerability in Codection Import and Export Users and Customers The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. | 7.2 |
| 2024-01-11 | CVE-2023-6699 | Path Traversal vulnerability in Wpcompress WP Compress The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. | 7.5 |
| 2024-01-10 | CVE-2023-51127 | Path Traversal vulnerability in Flir AX8 Firmware 1.46.16 FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. | 7.5 |
| 2024-01-10 | CVE-2023-50916 | Path Traversal vulnerability in Kyocera Device Manager Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. | 7.2 |
| 2024-01-10 | CVE-2023-37932 | Path Traversal vulnerability in Fortinet Fortivoice An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | 6.5 |
| 2024-01-10 | CVE-2023-48242 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | 6.5 |
| 2024-01-10 | CVE-2023-48243 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | 8.8 |
| 2024-01-10 | CVE-2023-48246 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | 6.5 |
| 2024-01-10 | CVE-2023-48249 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | 6.5 |
| 2024-01-10 | CVE-2024-0354 | Path Traversal vulnerability in Unknown-O Download-Station 1.1.8 A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. | 7.5 |