CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,275 vulnerabilities with CWE-22
CVE-2018-7442
CRITICAL
leptonica < 1.75.3 - Path Traversal and Arbitrary File Write via gplot rootname Argument
CVSS 9.1
CVE-2018-7300
CRITICAL
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Path Traversal and Arbitrary File Write via User.setLanguage Method
CVSS 9.8
CVE-2018-7296
MEDIUM
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Arbitrary File Read via User.getLanguage Method
CVSS 5.3
CVE-2018-5716
HIGH
Reprise License Manager 11.0 - Path Traversal
CVSS 8.1
CVE-2018-6356
MEDIUM
Jenkins < 2.107 and LTS < 2.89.4 - Path Traversal via Plugin Resource URL
CVSS 6.5
CVE-2018-7212
MEDIUM
sinatra 2.x < 2.0.1 - Path Traversal via Backslash Characters
CVSS 5.3
CVE-2018-1162
HIGH
Quest NetVault Backup 11.2.0.13 - DoS
CVSS 8.1
CVE-2018-0123
MEDIUM
Cisco IOS and IOS XE - Authenticated Path Traversal via Diagnostic Shell Commands
CVSS 5.5
CVE-2018-1299
HIGH
Apache Allura < 1.8.0 - Unauthenticated Arbitrary File Read via Path Traversal
CVSS 7.5
CVE-2018-6397
HIGH
Picture Calendar 3.1.4 - Path Traversal via List.php Folder Parameter
CVSS 7.5
CVE-2018-5997
CRITICAL
RAVPower Filehub 2.000.056 - Path Traversal and Remote Code Execution via Unrestricted File Upload
CVSS 9.8
CVE-2018-5445
MEDIUM
Advantech WebAccess/SCADA <V8.2_20170817 - Path Traversal
CVSS 5.3
CVE-2018-1048
HIGH
JBoss EAP 7.1.0.GA - Path Traversal and Information Disclosure via AJP Connector
CVSS 7.5
CVE-2018-1047
MEDIUM
JBoss WildFly Application Server 9.x - Path Traversal via ServletResourceManager
CVSS 5.5
CVE-2018-6184
HIGH
ZEIT Next.js <4.2.3 - Path Traversal
CVSS 7.5
CVE-2018-6022
MEDIUM
NoneCMS <= 1.3.0 - Authenticated Path Traversal via param.path Parameter
CVSS 6.5
CVE-2018-5700
HIGH
Winmail Server <= 6.2 - Authenticated Remote Code Execution via Directory Traversal in netdisk.php
CVSS 8.8
CVE-2018-5310
MEDIUM
WordPress Media from FTP <9.85 - Path Traversal
CVSS 6.5
CVE-2018-5283
HIGH
Photos in Wifi <1.0.1 - Path Traversal
CVSS 7.5
CVE-2018-5291
HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2018-5290
HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2018-5289
HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2018-5287
HIGH
GD Rating System <2.3 - Path Traversal
CVSS 7.5
CVE-2017-20250
HIGH
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
CVSS 7.5
CVE-2017-20248
HIGH
WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
CVSS 7.5
Details
Vulnerabilities: 9,275
Exploit Likelihood: High