CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,275 vulnerabilities with CWE-22
CVE-2018-0542
HIGH
WebProxy 1.7.8 - Path Traversal
CVSS 7.5
CVE-2018-8909
HIGH
Wire < 2018-03-07 - Path Traversal via Filename with ../ Sequence
CVSS 7.5
CVE-2018-3710
HIGH
GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
CVSS 7.8
CVE-2018-7422
HIGH
Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter
CVSS 7.5
CVE-2018-8741
HIGH
SquirrelMail 1.4.22 - Path Traversal
CVSS 8.8
CVE-2018-7706
MEDIUM
SecurEnvoy SecurMail <9.2.501 - Path Traversal
CVSS 6.5
CVE-2018-7705
HIGH
SecurEnvoy SecurMail <9.2.501 - Path Traversal
CVSS 8.1
CVE-2018-8712
CRITICAL
Webmin 1.840 and 1.880 - Unauthenticated Arbitrary File Read via Log File Viewer
CVSS 9.8
CVE-2018-2366
MEDIUM
SAP Business Process Automation By Redwood 9.0 9.1 - Path Traversal
CVSS 4.3
CVE-2018-1000083
MEDIUM
Ajenti 2 - Path Traversal via Malformed JSON Login Request
CVSS 5.3
CVE-2018-1000079
MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal via Malicious Gem Installation
CVSS 5.5
CVE-2018-1323
HIGH
Apache Tomcat JK Connector 1.2.0-1.2.42 - Path Traversal via IIS/ISAPI Request Path Normalization
CVSS 7.5
CVE-2018-0525
MEDIUM
Jubatus < 1.0.2 - Path Traversal
CVSS 5.3
CVE-2018-6810
HIGH
NetScaler ADC and Gateway 10.5, 11.0, 11.1, 12.0 - Path Traversal
CVSS 7.5
CVE-2018-1316
HIGH
Apache ODE 1.1.1-1.3.2 - Path Traversal and Arbitrary File Write via Process Deployment Web Service
CVSS 7.5
CVE-2018-7654
MEDIUM
3CX 15.5.6354.2 - Path Traversal via RecordingList Download API
CVSS 6.5
CVE-2018-7586
HIGH
NextGEN Gallery < 2.2.46 - Path Traversal
CVSS 7.5
CVE-2018-2380
MEDIUM
KEV
SAP CRM 7.01-7.02, 7.30-7.31, 7.33, 7.54 - Path Traversal
CVSS 6.6
CVE-2018-2367
HIGH
SAP BASIS 7.00-7.02, 7.10-7.11, 7.30, 7.31, 7.40, 7.50-7.52 - Path Traversal in ABAP File Interface
CVSS 8.8
CVE-2018-7482
HIGH
Joomlaworks K2 - Path Traversal
CVSS 7.5
CVE-2018-7467
HIGH
AxxonSoft Next - Path Traversal via Initial /css//..%2f Substring in URI
CVSS 7.5
CVE-2018-7172
MEDIUM
WonderCMS < 2.4.0 - Unauthenticated Arbitrary File Deletion via Directory Traversal
CVSS 4.9
CVE-2018-7490
HIGH
uWSGI < 2.0.17 - Path Traversal via --php-docroot Option
CVSS 7.5
CVE-2018-7486
HIGH
Blueriver Muracms < 7.0.7029 - Path Traversal
CVSS 7.2
CVE-2018-7434
MEDIUM
zzcms 8.2 - Path Traversal via Direct Request to ErrorCase.class.php or friend.php
CVSS 5.3