CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,264 vulnerabilities with CWE-22
CVE-2019-1819
MEDIUM
Cisco Prime Infrastructure - Info Disclosure
CVSS 6.5
CVE-2019-1818
MEDIUM
Cisco Prime Infrastructure - Info Disclosure
CVSS 6.5
CVE-2019-1717
HIGH
Cisco Video Surveillance Manager - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 7.5
CVE-2019-11397
MEDIUM
Rapid4 RapidFlows Enterprise App <4.5M.23 - Local File Inclusion
CVSS 6.5
CVE-2019-9618
CRITICAL
WordPress Media Player 1.0 - Local File Inclusion
CVSS 9.8
CVE-2019-8952
MEDIUM
Bosch DIVAR IP 2000 < 3.62.0019, DIVAR IP 5000 < 3.80.0033, VRM & BVMS < 3.71.0032 - Path Traversal
CVSS 6.5
CVE-2019-9726
HIGH
eQ-3 AG Homematic CCU3 <3.43.15 - Path Traversal
CVSS 7.5
CVE-2019-5438
MEDIUM
harpjs/harp < 0.29.0 - Path Traversal via Symlink
CVSS 5.3
CVE-2019-11879
MEDIUM
WEBrick 1.4.2 - Directory Traversal via Symlink
CVSS 5.5
CVE-2019-11082
HIGH
DKPro Core < 1.10.0 - Path Traversal and Arbitrary File Write via Archive Extraction
CVSS 7.5
CVE-2019-0226
MEDIUM
Apache Karaf < 4.2.5 - Path Traversal and Arbitrary File Write via Config Service Install Method
CVSS 4.9
CVE-2019-11831
CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Path Traversal
CVSS 9.8
CVE-2019-11510
CRITICAL
KEV
Pulse Secure PCS <9.0R3.4 - Info Disclosure
CVSS 10.0
CVE-2019-11508
HIGH
Pulse Secure PCS <8.1R15.1-9.0R3.4 - Path Traversal
CVSS 7.2
CVE-2019-10869
HIGH
Ninja Forms File Uploads < 3.0.23 - Path Traversal and Unrestricted File Upload via Upload Field Parameters
CVSS 8.1
CVE-2019-3799
MEDIUM
Spring Cloud Config < 1.4.6 - Path Traversal via Crafted URL
CVSS 6.5
CVE-2019-1854
MEDIUM
Cisco Expressway Series - Path Traversal
CVSS 4.1
CVE-2019-1836
HIGH
Cisco Nexus 9000 - Privilege Escalation
CVSS 7.1
CVE-2019-0194
HIGH
Apache Camel 2.0.0-2.19.0 and 2.21.0-2.21.4 - Path Traversal
CVSS 7.5
CVE-2019-11624
MEDIUM
doorgets_cms 7.0 - Authenticated Arbitrary File Deletion via configurationRequest.php
CVSS 4.9
CVE-2019-11612
HIGH
doorgets_cms 7.0 - Unauthenticated Arbitrary File Deletion via /fileman/php/deletefile.php
CVSS 7.5
CVE-2019-11611
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via File Download Endpoint
CVSS 7.5
CVE-2019-11610
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via downloaddir.php
CVSS 7.5
CVE-2019-11609
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via movefile.php
CVSS 8.2
CVE-2019-11608
HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via /fileman/php/renamefile.php
CVSS 8.2
Details
Vulnerabilities: 9,264
Exploit Likelihood: High