CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2019-18212
MEDIUM
XML Language Server < 0.9.1 - Path Traversal and Arbitrary File Write
CVSS 6.5
CVE-2019-8238
HIGH
Adobe Acrobat and Reader DC - Path Traversal
CVSS 7.5
CVE-2019-18371
HIGH
Millet Router 3G Firmware < 2.28.23 - Unauthenticated Path Traversal via NGINX Alias Misconfiguration
CVSS 7.5
CVE-2019-16986
MEDIUM
FusionPBX < 4.5.7 - Path Traversal via Unsanitized Download Parameter
CVSS 6.5
CVE-2019-16985
MEDIUM
FusionPBX < 4.5.7 - Unauthenticated Path Traversal and Arbitrary File Deletion via xml_cdr_delete.php
CVSS 6.5
CVE-2019-16990
MEDIUM
FusionPBX < 4.5.7 - Path Traversal via Unsanitized File Parameter in music_on_hold.php
CVSS 6.5
CVE-2019-14424
MEDIUM
CUx-Daemon 1.11a - Local File Inclusion
CVSS 6.5
CVE-2019-15266
MEDIUM
Cisco Wireless LAN Controller Software < 8.10 - Authenticated Path Traversal via CLI Filename Parameter
CVSS 4.4
CVE-2019-12704
MEDIUM
Cisco SPA100 Series Firmware - Authenticated Arbitrary File Read via Web Interface
CVSS 6.5
CVE-2019-17662
CRITICAL
ThinVNC 1.0b1 - Path Traversal and Arbitrary File Read via ThinVnc.ini
CVSS 9.8
CVE-2019-16279
HIGH
nostromo nhttpd < 1.9.6 - Denial of Service via SSL_accept Memory Error
CVSS 7.5
CVE-2019-16278
CRITICAL
KEV
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
CVSS 9.8
CVE-2019-17538
HIGH
Jiangnan Online Judge 0.8.0 - Path Traversal via Problem View File Endpoint
CVSS 7.5
CVE-2019-17537
HIGH
Jiangnan Online Judge 0.8.0 - Path Traversal via File Deletion Endpoint
CVSS 7.5
CVE-2019-17109
MEDIUM
koji < 1.18.0 - Path Traversal and Privilege Escalation
CVSS 6.5
CVE-2019-0074
MEDIUM
Juniper Junos OS - Authenticated Path Traversal in NFX150, QFX10K, EX9200, MX, and PTX Series with NG-RE
CVSS 5.5
CVE-2019-17399
CRITICAL
Shack Forms Pro < 4.0.32 - Path Traversal via File Attachment
CVSS 9.8
CVE-2019-17187
HIGH
FiberHome HG2201T 1.00.M5007_JS_201804 - Unauthenticated Path Traversal via downloadfile.cgi
CVSS 7.5
CVE-2019-14657
HIGH
Yealink phones <2019-08-04 - RCE
CVSS 8.8
CVE-2019-17314
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal in Configurator Module
CVSS 7.2
CVE-2019-17313
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal in Studio Module
CVSS 8.8
CVE-2019-17312
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal via File Function
CVSS 8.8
CVE-2019-17311
HIGH
SugarCRM 7.9.0.0-7.9.5.0 - Authenticated Path Traversal via Attachment Function
CVSS 8.8
CVE-2019-17199
HIGH
WPO WebPageTest 19.04 - Path Traversal via Unanchored Regular Expression
CVSS 7.5
CVE-2019-17180
HIGH
Valve Steam Client < 2019-09-12 - Path Traversal and Arbitrary File Write
CVSS 7.8