CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,283 vulnerabilities with CWE-22
CVE-2017-3163
HIGH
Apache Solr < 5.5.4 and 6.0.0-6.4.0 - Path Traversal via Index Replication File Name
CVSS 7.5
CVE-2017-2258
MEDIUM
Cybozu Garoon <4.2.5 - Path Traversal
CVSS 4.3
CVE-2017-10841
MEDIUM
WebCalendar <= 1.2.7 - Authenticated Path Traversal
CVSS 4.9
CVE-2017-10834
MEDIUM
NIPPON ANTENNA SCR02HD Firmware <= 1.0.3.1000 - Authenticated Path Traversal
CVSS 6.5
CVE-2017-7693
MEDIUM
Riverbed OPNET ARX <9.6.1 - Path Traversal
CVSS 6.5
CVE-2017-9640
MEDIUM
ALC WebCTRL <6.5 - Path Traversal
CVSS 6.3
CVE-2017-12694
HIGH
SpiderControl SCADA Web Server - Path Traversal via GET Request
CVSS 7.5
CVE-2017-9511
HIGH
Atlassian Fisheye/Crucible <4.4.1 - Path Traversal
CVSS 7.5
CVE-2017-12074
MEDIUM
Synology DNS Server <2.2.1-3042 - Path Traversal
CVSS 6.5
CVE-2017-12791
CRITICAL
SaltStack Salt < 2016.11.7 and 2017.7.0-2017.7.1 - Directory Traversal in Minion ID Validation
CVSS 9.8
CVE-2017-7424
MEDIUM
Micro Focus Enterprise Developer/Server <2.3.0 - Path Traversal
CVSS 6.5
CVE-2017-12943
CRITICAL
D-Link DIR-600 B1 v2.x - Unauthenticated Path Traversal via __show_info.php REQUIRE_FILE Parameter
CVSS 9.8
CVE-2017-10665
HIGH
phpgrid < 7.2.5 - Remote Code Execution via Directory Traversal in ajaxfileupload.php
CVSS 7.8
CVE-2017-12938
HIGH
UnRAR < 5.5.6 - Path Traversal via Symlink Manipulation
CVSS 7.5
CVE-2017-7675
HIGH
Apache Tomcat <9.0.0.M22, <8.5.16 - Path Traversal
CVSS 7.5
CVE-2017-11152
HIGH
Synology Photo Station < 6.7.3-3432 - Path Traversal & Arbitrary File Write via PixlrEditorHandler.php
CVSS 7.5
CVE-2017-12637
HIGH
KEV
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
CVSS 7.5
CVE-2017-6758
MEDIUM
Cisco Unified Communications Manager 11.5(1.10000.6) - Path Traversal
CVSS 6.5
CVE-2017-12586
MEDIUM
SLiMS 8 Akasia through 8.3.1 - Authenticated Path Traversal via url Parameter
CVSS 6.5
CVE-2017-10949
HIGH
Dell Storage Manager 2016 R2.1 - Path Traversal in EmWebsiteServlet doGet Method
CVSS 7.5
CVE-2017-7442
HIGH
Nitro Pro 11.0.3.173 - Remote Code Execution via Directory Traversal in saveAs and launchURL
CVSS 8.8
CVE-2017-11389
CRITICAL
Trend Micro Control Manager 6.0 - Path Traversal and Remote Code Execution
CVSS 9.8
CVE-2017-11723
HIGH
Xinha 0.96 - Path Traversal via ImageManager deld Parameter
CVSS 7.5
CVE-2017-11658
HIGH
WP Rocket 2.9.3 - Path Traversal via Null Byte Bypass
CVSS 7.5
CVE-2017-11630
HIGH
Fiyo CMS 2.0.7 - Unauthenticated Arbitrary File Deletion via Directory Traversal in Backuper Controller
CVSS 7.5
Details
Vulnerabilities: 9,283
Exploit Likelihood: High