CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,280 vulnerabilities with CWE-22
CVE-2017-1279
MEDIUM
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 - Path Traversal via URL Request
CVSS 6.5
CVE-2017-16610
CRITICAL
Netgain Enterprise Manager < 7.2.766 - Unauthenticated Path Traversal and Arbitrary File Write via upload_save_do.jsp
CVSS 9.8
CVE-2017-16606
HIGH
NetGain Systems Enterprise Manager <7.2.730 - RCE
CVSS 8.8
CVE-2017-16605
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16604
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16603
HIGH
NetGain Systems Enterprise Manager <7.2.730 - RCE
CVSS 8.8
CVE-2017-16601
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - RCE
CVSS 6.5
CVE-2017-16600
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16599
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16598
HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-16597
CRITICAL
NetGain Systems Enterprise Manager 7.2.730 build 1034 - RCE
CVSS 9.8
CVE-2017-16596
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - Info Disclosure
CVSS 6.5
CVE-2017-16595
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - Info Disclosure
CVSS 6.5
CVE-2017-16593
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16592
MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - Info Disclosure
CVSS 6.5
CVE-2017-16591
MEDIUM
NetGain Systems Enterprise Manager <7.2.699 - Info Disclosure
CVSS 6.5
CVE-2017-10273
MEDIUM
Oracle JDeveloper 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0 - Authenticated Path Traversal
CVSS 4.7
CVE-2017-17662
HIGH
Yawcam 0.2.6-0.6.0 - Path Traversal via Dot-Slash Sequence Manipulation
CVSS 7.5
CVE-2017-1671
HIGH
IBM Tivoli Key Lifecycle Manager <2.8 - Path Traversal
CVSS 7.5
CVE-2017-15550
HIGH
EMC Avamar Server 7.1.x-7.5.0 - Authenticated Path Traversal
CVSS 8.8
CVE-2017-16720
CRITICAL
Advantech WebAccess <= 8.3.2 - Path Traversal
CVSS 9.8
CVE-2017-1000472
MEDIUM
POCO C++ Libraries <1.8 - Path Traversal
CVSS 6.5
CVE-2017-1000490
MEDIUM
Mautic 1.0.0-2.11.0 - Authenticated Path Traversal via Filemanager
CVSS 6.5
CVE-2017-1000501
CRITICAL
awstats < 7.6.0 - Unauthenticated Path Traversal and Remote Code Execution via Config and Migrate Parameters
CVSS 9.8
CVE-2017-1000448
HIGH
Structured Data Linter <2.4.1 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities: 9,280
Exploit Likelihood: High