CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,261 vulnerabilities with CWE-22
CVE-2019-4252
HIGH
IBM Rational Collaborative Lifecycle Management 6.0-6.0.6.1 - Path Traversal via URL Request
CVSS 7.5
CVE-2019-1621
HIGH
Cisco Data Center Network Manager - Unauthenticated Path Traversal via Web Interface URL Request
CVSS 7.5
CVE-2019-1620
CRITICAL
Cisco Data Center Network Manager - Unauthenticated Arbitrary File Write and Remote Code Execution
CVSS 9.8
CVE-2019-10720
HIGH
BlogEngine.NET < 3.3.7.0 - Directory Traversal and Remote Code Execution via Theme Cookie
CVSS 8.8
CVE-2019-10719
HIGH
BlogEngine.NET < 3.3.7.0 - Directory Traversal and Remote Code Execution via Upload API
CVSS 8.8
CVE-2019-12901
HIGH
Pydio Cells < 1.5.0 - Path Traversal and Arbitrary File Write via Directory Traversal
CVSS 8.8
CVE-2019-3737
HIGH
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 - Local File Inclusion via Specially Crafted Request
CVSS 7.5
CVE-2019-4384
MEDIUM
IBM Campaign <10.1 - Path Traversal
CVSS 4.3
CVE-2019-10257
HIGH
Zucchetti HR Portal < 2019-03-15 - Unauthenticated Path Traversal via Dot-Dot-Slash Notation
CVSS 7.5
CVE-2019-7315
HIGH
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera <3.x ...
CVSS 7.5
CVE-2019-12146
CRITICAL
WS_FTP Server <8.6.1 - Path Traversal
CVSS 9.1
CVE-2019-12145
HIGH
Progress ipswitch WS_FTP Server <8.6.1 - Path Traversal
CVSS 7.5
CVE-2019-12144
CRITICAL
WS_FTP Server <8.6.1 - Path Traversal, RCE
CVSS 9.8
CVE-2019-12143
MEDIUM
Progress ipswitch WS_FTP Server <8.6.1 - Path Traversal
CVSS 5.3
CVE-2019-12477
MEDIUM
Supra Smart Cloud TV Remote File Inclusion
CVSS 5.5
CVE-2019-8320
HIGH
RubyGems 2.7.6-3.0.2 - Path Traversal via Symlink Deletion
CVSS 7.4
CVE-2019-9157
MEDIUM
Gemalto DS3 Authentication Server < 3.1.0 - Local File Disclosure via Path Traversal
CVSS 5.7
CVE-2019-8385
CRITICAL
Thomsonreuters Concourse Matter Room < 2.13.0098 - Path Traversal
CVSS 9.8
CVE-2019-12276
HIGH
GrandNode 4.40 - Unauthenticated Path Traversal via LetsEncrypt Controller
CVSS 7.5
CVE-2019-9642
CRITICAL
Pydio < 8.2.2 - Unauthenticated Remote Code Execution via Proxy PHP File Inclusion
CVSS 9.8
CVE-2019-5356
CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2019-10009
MEDIUM
Titan FTP Server 2019 Build 3505 - Path Traversal
CVSS 6.5
CVE-2019-12169
HIGH
ATutor 2.2.1-2.2.4 - Path Traversal and Arbitrary File Upload via Language Import ZIP Archive
CVSS 8.8
CVE-2019-6754
HIGH
Foxit Reader < 9.4.1.16828 and PhantomPDF < 8.3.9.41099 - Remote Code Execution via Path Traversal in localFileStorage
CVSS 7.8
CVE-2019-12310
CRITICAL
ExaGrid <4.8.1.1044.P50 - Path Traversal
CVSS 9.8
Details
Vulnerabilities: 9,261
Exploit Likelihood: High