Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-37932 | Path Traversal vulnerability in Fortinet Fortivoice An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | 6.5 |
| 2024-01-10 | CVE-2023-48242 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | 6.5 |
| 2024-01-10 | CVE-2023-48243 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | 8.8 |
| 2024-01-10 | CVE-2023-48246 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | 6.5 |
| 2024-01-10 | CVE-2023-48249 | Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | 6.5 |
| 2024-01-10 | CVE-2024-0354 | Path Traversal vulnerability in Unknown-O Download-Station 1.1.8 A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. | 7.5 |
| 2024-01-09 | CVE-2024-0341 | Path Traversal vulnerability in Inis Project Inis 2.0.0/2.0.1 A vulnerability was found in Inis up to 2.0.1. | 7.5 |
| 2024-01-08 | CVE-2023-47890 | Path Traversal vulnerability in Pyload 0.5.0 pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | 8.8 |
| 2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |
| 2024-01-04 | CVE-2024-22050 | Path Traversal vulnerability in Boazsegev Iodine Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. | 7.5 |