CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2019-1010151
CRITICAL
zzcms zzmcms < 8.3 - Path Traversal and Arbitrary File Deletion via ppsave.php
CVSS 9.8
CVE-2019-13584
MEDIUM
FANUC Robotics Virtual Robot Controller <8.23 - Path Traversal
CVSS 5.3
CVE-2019-10352
MEDIUM
Jenkins < 2.176.1, < 2.185 - Authenticated Arbitrary File Write via File Parameter
CVSS 6.5
CVE-2019-4430
HIGH
IBM Maximo Asset Management 7.6 - Path Traversal
CVSS 7.5
CVE-2019-13623
HIGH
NSA Ghidra < 9.1 - Path Traversal and Arbitrary File Write via Archive Filename
CVSS 7.8
CVE-2019-12990
CRITICAL
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - Path Traversal
CVSS 9.8
CVE-2019-0887
HIGH
Remote Desktop Client < 1.2.2691 - Authenticated Remote Code Execution via Clipboard Redirection
CVSS 8.0
CVE-2019-5447
MEDIUM
http-file-server <= 0.2.6 - Path Traversal
CVSS 5.3
CVE-2019-3415
MEDIUM
ZTE ZXMW NR8000 Firmware V2.4.4.03 and V2.4.4.04 - Path Traversal
CVSS 5.7
CVE-2019-9886
HIGH
BroadLearning eClass <ip.2.5.10.2.1 - Info Disclosure
CVSS 7.5
CVE-2019-5444
MEDIUM
serve-here.js <v1.1.3 - Path Traversal
CVSS 5.3
CVE-2019-5221
MEDIUM
Huawei Mate 20 X Firmware < Ever-L29B 9.1.0.300(C636E3R2P1) - Path Traversal via Huawei Share File Transfer
CVSS 6.5
CVE-2019-13396
MEDIUM
FlightPath 4.x-5.0.x - Path Traversal and Local File Inclusion via form_include Parameter
CVSS 5.3
CVE-2019-12925
HIGH
MailEnable 6.0-<6.90 - Authenticated Path Traversal and Arbitrary File Manipulation
CVSS 8.1
CVE-2019-13241
HIGH
FlightCrew < 0.9.2 - Path Traversal and Arbitrary File Write via ZIP Archive Extraction
CVSS 7.8
CVE-2019-10717
HIGH
BlogEngine.NET 3.3.7.0 - Path Traversal via File Manager API Path Parameter
CVSS 7.1
CVE-2019-10137
HIGH
spacewalk-proxy <2.9 - Info Disclosure
CVSS 8.1
CVE-2019-7254
HIGH
Linear eMerge E3-Series - Path Traversal
CVSS 7.5
CVE-2019-7253
CRITICAL
Linear eMerge E3-Series - Path Traversal
CVSS 9.8
CVE-2019-7267
CRITICAL
Linear eMerge 50P/5000P - Path Traversal
CVSS 9.8
CVE-2019-11826
HIGH
Synology Moments <1.3.0-0691 - Path Traversal
CVSS 8.0
CVE-2019-11822
MEDIUM
Synology Photo Station <6.8.11-3489, <6.3-2977 - Path Traversal
CVSS 4.3
CVE-2019-10985
CRITICAL
Advantech WebAccess < 8.3.5 - Path Traversal via Improper Path Validation
CVSS 9.1
CVE-2019-3632
HIGH
McAfee Enterprise Security Manager < 10.4.0 - Authenticated Path Traversal
CVSS 8.8
CVE-2019-7227
HIGH
ABB PB610 Panel Builder 600 Firmware 1.91-2.8.0.367 - Authenticated Path Traversal via CWD Command
CVSS 7.3
Details
Vulnerabilities: 9,261
Exploit Likelihood: High