Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2023-06-29 CVE-2023-33277 Path Traversal vulnerability in Gira KNX IP Router Firmware 3.1.3683.0/3.3.8.0
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.
network
low complexity
gira CWE-22
7.5
2023-06-29 CVE-2023-34598 Path Traversal vulnerability in Gibbonedu Gibbon 25.0.00
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
network
low complexity
gibbonedu CWE-22
critical
9.8
2023-06-29 CVE-2023-34843 Path Traversal vulnerability in Traggo 0.3.0
Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.
network
low complexity
traggo CWE-22
7.5
2023-06-28 CVE-2023-32623 Path Traversal vulnerability in 2Inc Snow Monkey Forms 5.0.7/5.1.1
Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.
network
low complexity
2inc CWE-22
critical
9.1
2023-06-28 CVE-2023-3330 Path Traversal vulnerability in NEC products
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
network
low complexity
nec CWE-22
4.3
2023-06-28 CVE-2023-3331 Path Traversal vulnerability in NEC products
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.
network
low complexity
nec CWE-22
5.4
2023-06-27 CVE-2020-19902 Path Traversal vulnerability in Wcms 0.3.2
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.
network
low complexity
wcms CWE-22
critical
9.8
2023-06-26 CVE-2023-30945 Path Traversal vulnerability in Palantir products
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames.
network
low complexity
palantir CWE-22
critical
9.8
2023-06-26 CVE-2023-32521 Path Traversal vulnerability in Trendmicro Mobile Security 9.8
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
network
low complexity
trendmicro CWE-22
critical
9.1
2023-06-26 CVE-2023-32522 Path Traversal vulnerability in Trendmicro Mobile Security 9.8
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-22
8.1