CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,275 vulnerabilities with CWE-22
CVE-2017-20212
MEDIUM
FLIR Thermal Camera F/FC/PT/D <8.0.0.64 - Info Disclosure
CVSS 6.2
CVE-2017-20184
HIGH
Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal
CVSS 7.5
CVE-2017-20181
MEDIUM
hgzojer Vocable Trainer <1.3.0 - Path Traversal
CVSS 5.3
CVE-2017-20152
LOW
imageserve - Path Traversal in File Handler via filelocation Parameter
CVSS 3.1
CVE-2017-20145
MEDIUM
Tecrail Responsive Filemanager <9.10.x - Path Traversal
CVSS 6.3
CVE-2017-20105
MEDIUM
Simplessus 3.7.7 - Path Traversal via Path Parameter
CVSS 5.4
CVE-2017-20102
MEDIUM
Album Lock 4.0 - Path Traversal via getImage filePath Parameter
CVSS 4.4
CVE-2017-15684
HIGH
Crafter CMS Crafter Studio 3.0.1 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2017-15681
CRITICAL
Crafter CMS Crafter Studio 3.0.1 - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2017-18912
CRITICAL
Mattermost Server <3.8.2-3.6.7 - Path Traversal
CVSS 9.8
CVE-2017-18874
MEDIUM
Mattermost Server <4.3.0-4.1.2 - Path Traversal
CVSS 6.5
CVE-2017-18824
LOW
NETGEAR M4300 and M4200 Firmware < 12.0.2.15 - Path Traversal
CVSS 3.3
CVE-2017-18636
HIGH
esafenet CDG < 2017-01-01 - Path Traversal via downloadDocument.jsp pathAndName Parameter
CVSS 7.5
CVE-2017-18585
HIGH
WordPress posts-in-page <1.3.0 - Path Traversal
CVSS 8.1
CVE-2017-18586
CRITICAL
insert-pages < 3.2.4 - Path Traversal via Custom Template Paths
CVSS 9.1
CVE-2017-18448
MEDIUM
cPanel 55.9999.61-64.0.20 - Path Traversal via Serverinfo_manpage API
CVSS 5.3
CVE-2017-9386
MEDIUM
Vera VeraEdge <1.7.19, Veralite <1.7.481 - Path Traversal
CVSS 6.5
CVE-2017-9382
MEDIUM
Vera VeraEdge <1.7.19, Veralite <1.7.481 - Info Disclosure
CVSS 6.5
CVE-2017-18354
HIGH
Rendertron 1.0.0 - Local File Inclusion via File Protocol Handler
CVSS 7.5
CVE-2017-2627
HIGH
OpenStack TripleO Common - Path Traversal and Privilege Escalation via Sudoers Wildcard Misconfiguration
CVSS 8.2
CVE-2017-16744
HIGH
Tridium Niagara AX <3.8 & Niagara 4 <4.4 - Path Traversal
CVSS 7.2
CVE-2017-1749
MEDIUM
IBM UrbanCode Deploy 6.1-6.9.6.0 - Unauthenticated Path Traversal
CVSS 5.3
CVE-2017-16654
HIGH
Symfony <4.0-BETA5 - Path Traversal
CVSS 7.5
CVE-2017-2595
HIGH
Red Hat JBoss EAP 6 & 7 - Authenticated Arbitrary File Read via Path Traversal
CVSS 7.7
CVE-2017-3188
MEDIUM
dotcms < 3.7.1 - Unauthenticated Path Traversal and Arbitrary File Write via Push Publishing Bundle Archive
CVSS 6.5
Details
Vulnerabilities: 9,275
Exploit Likelihood: High