CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,267 vulnerabilities with CWE-22
CVE-2018-25124
HIGH
PacsOne Server <6.6.2 - Path Traversal
CVE-2018-25113
HIGH
Dicoogle PACS Web Server <2.5.0 - Path Traversal
CVE-2018-25094
LOW
Online Accounting System <=1.4.0 - Path Traversal
CVSS 3.5
CVE-2018-16739
HIGH
ABUS TVIP Firmware - Unauthenticated Path Traversal and Arbitrary File Write via filewrite Endpoint
CVSS 8.8
CVE-2018-25048
HIGH
CODESYS Control Runtime < 3.5.12.30 - Path Traversal and Denial of Service
CVSS 8.8
CVE-2018-25059
LOW
pastebinit < 0.2.2 - Path Traversal via r.URL.Path in pasteHandler
CVSS 3.5
CVE-2018-25046
CRITICAL
Cloud Foundry Archiver - Path Traversal
CVSS 9.1
CVE-2018-19945
CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-18576
MEDIUM
Hustle < 6.0.5 - Directory Traversal via Admin Dashboard URI
CVSS 5.3
CVE-2018-18894
HIGH
Lexmark C, M, X, and 6500e Firmware < 2018-12-18 - Path Traversal via Embedded Web Server
CVSS 7.5
CVE-2018-12476
MEDIUM
SUSE Linux Enterprise Server 15, openSUSE Factory - Path Traversal
CVSS 4.3
CVE-2018-1847
MEDIUM
IBM Financial Transaction Manager 2.0.0.0-2.0.0.5, 2.1.0.0-2.1.0.4, 2.1.1.0-2.1.1.4, 3.0.0.0-3.0.0.8 Path Traversal
CVSS 6.5
CVE-2018-14672
MEDIUM
ClickHouse <18.12.13 - Path Traversal
CVSS 5.3
CVE-2018-14918
HIGH
LOYTEC LGATE-902 <6.3.2 - Path Traversal
CVSS 7.5
CVE-2018-16594
HIGH
Sony Bravia TV < 8.587 - Path Traversal in Photo Sharing Plus
CVSS 8.1
CVE-2018-18863
MEDIUM
NGA ResourceLink 20.0.2.1 - Local File Inclusion
CVSS 6.5
CVE-2018-18876
MEDIUM
Columbia Weather MicroServer Firmware MS_2.6.9900 - Path Traversal via readouts_rd.php
CVSS 5.3
CVE-2018-20470
HIGH
Sahi Pro < 8.0.0 - Directory Traversal in Web Reports Module
CVSS 7.5
CVE-2018-13379
CRITICAL
KEV
FortiProxy < 1.2.9 and FortiOS 5.4.6-5.4.12 - Unauthenticated Path Traversal via SSL VPN Web Portal
CVSS 9.1
CVE-2018-16221
HIGH
Yealink SIP-T41P 66.83.0.35 - Authenticated Path Traversal via Diagnostics Web Interface
CVSS 8.0
CVE-2018-17180
MEDIUM
OpenEMR < 5.0.1.7 - Path Traversal via docid Parameter in download_template.php
CVSS 5.3
CVE-2018-6885
CRITICAL
MicroStrategy Web Services < 10.4 - Unauthenticated Path Traversal via SOAP Request
CVSS 9.8
CVE-2018-12298
HIGH
Seagate NAS OS 4.3.15.1 - Path Traversal
CVSS 7.5
CVE-2018-16961
HIGH
Open XDMoD < 7.5.0 - Path Traversal via file Parameter
CVSS 7.5
CVE-2018-16716
CRITICAL
NCBI ToolBox <2.2.26 - Info Disclosure
CVSS 9.1