CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,283 vulnerabilities with CWE-22
CVE-2017-17042
HIGH
YARD < 0.9.11 - Path Traversal via Relative Path Handling
CVSS 7.5
CVE-2017-16959
MEDIUM
TP-Link TL-WVR/TL-WAR/TL-ER/TL-R - Info Disclosure
CVSS 6.5
CVE-2017-16936
MEDIUM
Tenda AC9, AC15, AC18 Firmware - Unauthenticated Path Traversal via app_data_center
CVSS 6.5
CVE-2017-8189
MEDIUM
FusionSphere OpenStack V100R006C00SPC102(NFV) - Path Traversal
CVSS 6.0
CVE-2017-2706
HIGH
Huawei Mate 9 Firmware MHA-AL00AC00B125 - Path Traversal in Push Module
CVSS 7.1
CVE-2017-2695
MEDIUM
Huawei TIT-AL00 Firmware >=TIT-AL00C583B211 <TIT-AL00C583B211 - Path Traversal in Email Application
CVSS 5.5
CVE-2017-2693
HIGH
Huawei P8 Lite Firmware <= ALE-L02C635B140 - Path Traversal
CVSS 7.8
CVE-2017-16903
CRITICAL
LvyeCMS < 3.1 - Unauthenticated Path Traversal and Arbitrary PHP File Write via Template Style Add Request
CVSS 9.8
CVE-2017-15527
MEDIUM
Symantec Management Console < ITMS 8.1 RU4 - Path Traversal
CVSS 6.8
CVE-2017-1000170
HIGH
jqueryFileTree <2.1.5 - Path Traversal
CVSS 7.5
CVE-2017-16877
HIGH
Nextjs <2.4.1 - Local File Inclusion
CVSS 7.5
CVE-2017-1087
HIGH
FreeBSD 10.x - Path Traversal via POSIX Shared Memory
CVSS 7.8
CVE-2017-16806
HIGH
Ulterius Server < 1.9.5.0 - Directory Traversal
CVSS 7.5
CVE-2017-16762
HIGH
Sanic < 0.5.1 - Path Traversal via Static Endpoint
CVSS 7.5
CVE-2017-16759
MEDIUM
LibreNMS <2017-08-18 - Info Disclosure
CVSS 5.9
CVE-2017-11512
HIGH
ManageEngine ServiceDesk <9.3.9328 - Path Traversal
CVSS 7.5
CVE-2017-11511
HIGH
ManageEngine ServiceDesk <9.3.9328 - Path Traversal
CVSS 7.5
CVE-2017-10940
HIGH
Joyent Smart Data Center < [email protected] Authenticated Arbitrary File Write via Docker API
CVSS 8.8
CVE-2017-14695
CRITICAL
SaltStack Salt < 2016.3.8, 2016.11.x < 2016.11.8, 2017.7.x < 2017.7.2 - Directory Traversal in Minion ID Validation
CVSS 9.8
CVE-2017-9947
MEDIUM
Siemens APOGEE PXC and TALON TC BACnet Automation Controllers <V3.5 - Path Traversal via Web Server
CVSS 5.3
CVE-2017-15805
HIGH
Cisco Small Business SA520 and SA540 Firmware 2.1.71 and 2.2.0.7 - Path Traversal via thispage Parameter
CVSS 7.5
CVE-2017-15647
HIGH
FiberHome Routers - Local File Inclusion
CVSS 7.5
CVE-2017-10933
HIGH
ZTE ZXDT22 SF01 < V2.06.00.00 - Path Traversal via Full Path Name
CVSS 7.5
CVE-2017-12285
MEDIUM
Cisco Network Analysis Module Software - Path Traversal
CVSS 5.3
CVE-2017-15359
MEDIUM
3CX Phone System 15.5.3554.1 - Authenticated Path Traversal via RecordingList and SupportInfo API Parameters
CVSS 6.5
Details
Vulnerabilities: 9,283
Exploit Likelihood: High