CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,283 vulnerabilities with CWE-22
CVE-2017-8805
CRITICAL
Debian ftpsync < 20171017 - Path Traversal via Unsafe Rsync Links
CVSS 9.1
CVE-2017-9367
CRITICAL
BlackBerry Workspaces Server - Path Traversal
CVSS 9.8
CVE-2017-15363
HIGH
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
CVSS 7.5
CVE-2017-15276
HIGH
OpenText Documentum Content Server < 7.3 - Authenticated Path Traversal via TAR Archive Symlinks
CVSS 8.8
CVE-2017-12188
HIGH
Linux kernel <4.13.5 - Privilege Escalation
CVSS 7.8
CVE-2017-14614
MEDIUM
GridGain <1.7.16, <1.8.12, <1.9.7, <8.1.5 - Path Traversal
CVSS 6.5
CVE-2017-15079
HIGH
Smush Image Compression and Optimization < 2.7.5 - Path Traversal
CVSS 7.5
CVE-2017-13996
HIGH
LOYTEC LVIS-3ME <6.2.0 - Path Traversal
CVSS 8.8
CVE-2017-12263
HIGH
Cisco License Manager - Path Traversal
CVSS 7.5
CVE-2017-14754
MEDIUM
OpenText Document Sciences xPression < 4.5 - Authenticated Arbitrary File Read via xsd_datasource_schema_file Parameter
CVSS 6.5
CVE-2017-13985
MEDIUM
HPE BSM Platform Application Performance Management System Health 9.26, 9.30, 9.40 - Path Traversal
CVSS 6.5
CVE-2017-13982
HIGH
HPE BSM <9.26-9.40 - Path Traversal
CVSS 8.8
CVE-2017-1577
HIGH
IBM WebSphere Portal 7.0, 8.0, 8.5, 9.0 - Path Traversal via Dot Dot Sequences
CVSS 7.5
CVE-2017-14849
HIGH
Node.js <8.6.0 - Directory Traversal
CVSS 7.5
CVE-2017-7974
CRITICAL
Schneider Electric U.motion Builder <= 1.2.1 - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 9.8
CVE-2017-14722
HIGH
WordPress < 4.8.2 - Path Traversal via Customizer Theme Filename
CVSS 7.5
CVE-2017-14719
HIGH
WordPress < 4.8.2 - Path Traversal via Unzip Operations
CVSS 7.5
CVE-2017-8007
HIGH
EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) Path Traversal via Webservice Gateway
CVSS 8.8
CVE-2017-10931
HIGH
ZTE ZXR10 Firmware < 3.00.40 - Unauthenticated Path Traversal and Information Disclosure
CVSS 7.5
CVE-2017-14514
HIGH
Tenda W15E <15.11.0.14 - Path Traversal
CVSS 7.5
CVE-2017-14513
MEDIUM
MetInfo 5.3.17 - Path Traversal via f_filename Parameter
CVSS 5.3
CVE-2017-11162
MEDIUM
Synology Photo Station < 6.7.4-3433 and 6.3-2968 - Authenticated Path Traversal
CVSS 6.5
CVE-2017-14120
HIGH
unrar 0.0.1 - Path Traversal via RAR v2 Archive Extraction
CVSS 7.5
CVE-2017-0901
HIGH
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
CVSS 7.5
CVE-2017-13780
HIGH
EyesOfNetwork 5.1-0 - Path Traversal via module/admin_conf/download.php file Parameter
CVSS 7.5