CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,280 vulnerabilities with CWE-22
CVE-2017-9965
MEDIUM
Pelco VideoXpert < 2.1 - Unauthenticated Sensitive Information Exposure via Directory Traversal
CVSS 5.8
CVE-2017-9964
MEDIUM
Schneider Electric Pelco VideoXpert < 2.1 - Path Traversal via Communication Sniffing
CVSS 6.9
CVE-2017-17992
CRITICAL
Biometric Shift Employee Management System - Arbitrary File Download via index.php form_file_name Parameter
CVSS 9.8
CVE-2017-17927
MEDIUM
Professional Service Script - Path Traversal via PATH_INFO to service-list/category/
CVSS 5.3
CVE-2017-17924
MEDIUM
PHP Scripts Mall Professional Service Script - Path Traversal via id Parameter
CVSS 5.3
CVE-2017-15309
HIGH
Huawei iReader < 8.0.2.301 - Path Traversal via Insufficient File Storage Path Validation
CVSS 7.1
CVE-2017-10907
MEDIUM
OneThird CMS Show Off < 1.85 - Path Traversal and Arbitrary File Read
CVSS 4.3
CVE-2017-5261
HIGH
Cambium Networks cnPilot <4.3.2-R4 - Path Traversal
CVSS 8.8
CVE-2017-15532
MEDIUM
Symantec Messaging Gateway < 10.6.4 - Path Traversal
CVSS 5.7
CVE-2017-17739
CRITICAL
BrightSign 4k242 Firmware < 6.2.63 - Path Traversal and Arbitrary File Write via /storage.html rp Parameter
CVSS 9.8
CVE-2017-17715
HIGH
Telegram Messenger < 2017-12-08 - Path Traversal via MediaController saveFile Method
CVSS 8.8
CVE-2017-16788
HIGH
Meinberg LANTIME <6.24.004 - Path Traversal
CVSS 7.2
CVE-2017-17671
CRITICAL
vBulletin <= 5.3.x - Unauthenticated Remote Code Execution via Path Traversal
CVSS 9.8
CVE-2017-1548
MEDIUM
IBM Sterling File Gateway 2.2 - Path Traversal via Specially-Crafted URL Request
CVSS 5.3
CVE-2017-15895
MEDIUM
Synology Router Manager < 1.1.5-6542-4 - Path Traversal & Arbitrary File Write
CVSS 6.5
CVE-2017-15894
MEDIUM
Synology DSM <5.2-5967-6/6.0.x<6.0.3-8754-3 - Authenticated Path Traversal & Arbitrary File Write
CVSS 6.5
CVE-2017-15893
MEDIUM
Synology File Station < 1.1.1-0099 - Path Traversal & Arbitrary File Write
CVSS 6.5
CVE-2017-16929
HIGH
Claymore Dual GPU miner 10.1 - Path Traversal
CVSS 8.1
CVE-2017-10861
CRITICAL
QualitySoft QND Advance/Standard - Path Traversal via Specially Crafted Command
CVSS 9.1
CVE-2017-15607
CRITICAL
Inedo Otter < 1.7.4 - Path Traversal via Filesystem-Based Rafts
CVSS 9.8
CVE-2017-14196
HIGH
Squiz Matrix <5.3.6.1, <5.4.1.3 - Info Disclosure
CVSS 7.5
CVE-2017-17058
HIGH
WooCommerce < 3.2.6 - Directory Traversal via Email Template URI
CVSS 7.5
CVE-2017-17042
HIGH
YARD < 0.9.11 - Path Traversal via Relative Path Handling
CVSS 7.5
CVE-2017-16959
MEDIUM
TP-Link TL-WVR/TL-WAR/TL-ER/TL-R - Info Disclosure
CVSS 6.5
CVE-2017-16936
MEDIUM
Tenda AC9, AC15, AC18 Firmware - Unauthenticated Path Traversal via app_data_center
CVSS 6.5
Details
Vulnerabilities: 9,280
Exploit Likelihood: High