Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2023-04-06 CVE-2020-19678 Path Traversal vulnerability in multiple products
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
network
low complexity
oisf pfsense CWE-22
7.5
2023-04-05 CVE-2023-20129 Path Traversal vulnerability in Cisco Prime Infrastructure
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
network
low complexity
cisco CWE-22
6.5
2023-04-04 CVE-2020-19279 Path Traversal vulnerability in Wide Project Wide
Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links.
network
low complexity
wide-project CWE-22
critical
9.8
2023-04-04 CVE-2023-25303 Path Traversal vulnerability in Atlauncher
ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal.
local
low complexity
atlauncher CWE-22
7.1
2023-04-04 CVE-2023-25305 Path Traversal vulnerability in Polymc
PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal.
local
low complexity
polymc CWE-22
7.1
2023-04-03 CVE-2022-43771 Path Traversal vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin expose a service endpoint for CSV import which allows a user-supplied path to access resources that are out of bounds.
network
low complexity
hitachi CWE-22
6.5
2023-03-30 CVE-2023-27534 Path Traversal vulnerability in multiple products
A path traversal vulnerability in the curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory.
network
low complexity
haxx fedoraproject netapp broadcom splunk CWE-22
8.8
2023-03-30 CVE-2023-28732 Path Traversal vulnerability in Acymailing
Missing access control in the AcyMailing Joomla plugin allows a user who has been granted access to campaign creation on the front office to list and access files containing sensitive information from the plugin itself, and to access system files via path traversal.
network
low complexity
acymailing CWE-22
7.5
2023-03-29 CVE-2022-2560 Path Traversal vulnerability in Enterprisedt Completeftp Server
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server.
network
low complexity
enterprisedt CWE-22
critical
9.1
2023-03-28 CVE-2023-27700 Path Traversal vulnerability in Muyucms Project Muyucms 2.2
MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html.
network
low complexity
muyucms-project CWE-22
8.1