CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,268 vulnerabilities with CWE-22
CVE-2018-17836
HIGH
JTBC(PHP) 3.0.1.6 - Unauthenticated Arbitrary PHP File Upload via Path Traversal
CVSS 8.8
CVE-2018-17828
MEDIUM
ZZIPlib 0.13.69 - Path Traversal and Arbitrary File Write via Dot-Dot in Zip Archive
CVSS 5.5
CVE-2018-17798
MEDIUM
zzcms 8.3 - Unauthenticated Arbitrary File Deletion via oldimg Parameter
CVSS 6.5
CVE-2018-17797
MEDIUM
zzcms 8.3 - Path Traversal and Arbitrary File Deletion via oldimg Parameter
CVSS 6.5
CVE-2018-17785
HIGH
blynk-server < 0.39.7 - Path Traversal via URI with /static or /static/js
CVSS 7.5
CVE-2018-9074
MEDIUM
LenovoEMC Firmware < 4.1.402.34662 - Path Traversal and Arbitrary File Write via Content Explorer Upload
CVSS 6.5
CVE-2018-17605
HIGH
Grails Asset Pipeline <3.0.4 - Path Traversal
CVSS 7.5
CVE-2018-14957
CRITICAL
isweb 3.5.3 - Path Traversal and Local File Download via moduli/downloadFile.php
CVSS 9.8
CVE-2018-7102
HIGH
HPE Intelligent Management Center < 7.3 - Path Traversal and Arbitrary File Write via createFabricAutoCfgFile
CVSS 7.5
CVE-2018-17365
HIGH
SeaCMS 6.64 and 7.2 - Unauthenticated Arbitrary File Deletion via filedir Parameter
CVSS 7.5
CVE-2018-16968
LOW
Citrix ShareFile StorageZones Controller <5.4.2 - Path Traversal
CVSS 3.1
CVE-2018-10501
HIGH
Samsung Notes <2.0.02.31 - Privilege Escalation
CVSS 7.0
CVE-2018-16299
HIGH
Localize My Post 1.0 - Path Traversal via AJAX Include File Parameter
CVSS 7.5
CVE-2018-16283
CRITICAL
Wechat Broadcast < 1.2.0 - Path Traversal via Image.php URL Parameter
CVSS 9.8
CVE-2018-17297
HIGH
Hutool < 4.1.12 - Path Traversal and Arbitrary File Write via ZipUtil Unzip Function
CVSS 7.5
CVE-2018-6500
HIGH
HP ArcSight Management Center < 2.81 - Directory Traversal
CVSS 7.5
CVE-2018-8889
MEDIUM
BlackBerry Enterprise Mobility Server <2.8.17.29 - Path Traversal
CVSS 4.7
CVE-2018-11762
MEDIUM
Apache Tika 0.9-1.18 - Path Traversal via Embedded File with Absolute Path
CVSS 5.9
CVE-2018-16820
HIGH
Monstra CMS 3.0.4 - Unauthenticated Directory Traversal via Files Manager Path Parameter
CVSS 7.5
CVE-2018-16819
MEDIUM
Monstra CMS 3.0.4 - Unauthenticated Arbitrary File Deletion via Filesmanager Path Parameter
CVSS 4.9
CVE-2018-13982
HIGH
Smarty < 3.1.33 - Path Traversal via Trusted Resource Directory Bypass
CVSS 7.5
CVE-2018-8041
MEDIUM
Apache Camel's Mail <2.22.0 - Path Traversal
CVSS 5.3
CVE-2018-17125
HIGH
CScms 4.1 - Unauthenticated Path Traversal and Arbitrary Directory Deletion via Plugins.php dir Parameter
CVSS 7.5
CVE-2018-15610
HIGH
Avaya IP Office 9.1-10.1 - Authenticated Arbitrary File Read/Delete via one-X Portal
CVSS 7.3
CVE-2018-16836
CRITICAL
Rubedo < 3.4.0 - Unauthenticated Path Traversal via Theme Component
CVSS 9.8
Details
Vulnerabilities: 9,268
Exploit Likelihood: High