CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2019-15648
MEDIUM
insert-or-embed-articulate-content-into-wordpress < 4.29991 - Unauthenticated Path Traversal
CVSS 6.5
CVE-2019-13237
MEDIUM
Alkacon OpenCms 10.5.4-10.5.5 - Local File Inclusion via Multiple Admin Endpoints
CVSS 4.3
CVE-2019-15055
MEDIUM
MikroTik RouterOS <= 6.44.5 and 6.45.x <= 6.45.3 - Authenticated Arbitrary File Deletion via Disk Name Handling
CVSS 6.5
CVE-2019-11654
HIGH
Micro Focus Verastream Host Integrator <7.7 SP2 - Path Traversal
CVSS 7.5
CVE-2019-15520
MEDIUM
comelz Quark < 2019-03-26 - Path Traversal
CVSS 5.3
CVE-2019-15519
CRITICAL
Power-Response < 2019-02-02 - Path Traversal via Plugin
CVSS 9.8
CVE-2019-15518
MEDIUM
swoole < 4.2.13 - Path Traversal in swPort_http_static_handler
CVSS 5.3
CVE-2019-15517
MEDIUM
jc21 Nginx Proxy Manager < 2.0.13 - Path Traversal via URL-Encoded Dot-Slash Sequences
CVSS 5.5
CVE-2019-15516
HIGH
Cuberite < 2019-06-11 - Path Traversal via Webadmin ....// Bypass
CVSS 7.5
CVE-2019-15326
HIGH
import_users_from_csv_with_meta < 1.14.2.1 - Path Traversal
CVSS 7.5
CVE-2019-14751
HIGH
nltk < 3.4.5 - Arbitrary File Write via Directory Traversal in Package Extraction
CVSS 7.5
CVE-2019-11029
HIGH
Mirasys VMS < 7.6.1 and 8.x < 8.3.2 - Unauthenticated Path Traversal via AutoUpdateService Download Method
CVSS 7.5
CVE-2019-11013
MEDIUM
Nimble Streamer 3.0.2-2-3.5.4-9 - Path Traversal
CVSS 6.5
CVE-2019-15323
HIGH
Ad Inserter < 2.4.20 - Path Traversal
CVSS 7.5
CVE-2019-11603
HIGH
ProSyst mBS SDK <8.2.6 - Path Traversal
CVSS 7.5
CVE-2019-11601
HIGH
Bosch IoT Gateway <9.2.0 & ProSyst mBS SDK <8.2.6 - Path Traversal & Arbitrary File Write
CVSS 7.5
CVE-2019-4460
HIGH
IBM API Connect <5.0.8.6 - Path Traversal
CVSS 7.5
CVE-2019-3967
MEDIUM
OpenEMR < 5.0.1 - Authenticated Path Traversal via Patient File Download Interface
CVSS 6.5
CVE-2019-9852
HIGH
LibreOffice - Code Injection
CVSS 7.8
CVE-2019-12791
HIGH
Vesta Control Panel 0.9.8-24 - Path Traversal and Privilege Escalation via Password Reset Form
CVSS 8.8
CVE-2019-14788
HIGH
Tribulant Newsletters < 4.6.19 - Path Traversal and Remote Code Execution via Export Subscribers Parameter
CVSS 8.8
CVE-2019-12479
CRITICAL
TwentyTwenty.Storage 2.11.0 - Path Traversal in LocalStorageProvider
CVSS 9.1
CVE-2019-14530
HIGH
OpenEMR < 5.0.2 - Path Traversal and Arbitrary File Deletion via fileName Parameter
CVSS 8.8
CVE-2019-3744
HIGH
Dell/Alienware Digital Delivery < 3.5.2013 - Privilege Escalation via Race Condition
CVSS 7.8
CVE-2019-14798
MEDIUM
10Web Photo Gallery < 1.5.25 - Authenticated Local File Inclusion via Shortcode Tagtext Parameter
CVSS 4.9
Details
Vulnerabilities: 9,261
Exploit Likelihood: High