CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,283 vulnerabilities with CWE-22
CVE-2017-6681
HIGH
Cisco Ultra Services Framework 21.0.0.0 - Unauthenticated Relative Path Traversal and Sensitive File Read
CVSS 7.5
CVE-2017-8841
HIGH
Peplink Balance 305 380 580 710 1350 2500 Firmware - Arbitrary File Deletion via upfile.path Parameter
CVSS 8.1
CVE-2017-9428
HIGH
BigTree CMS <4.2.18 - Path Traversal
CVSS 7.5
CVE-2017-9416
MEDIUM
Odoo 8.0, 9.0, 10.0 - Authenticated Path Traversal via tools.file_open
CVSS 6.5
CVE-2017-8314
MEDIUM
Kodi <= 17.1 - Path Traversal and Arbitrary File Write via Zip Extraction
CVSS 5.5
CVE-2017-5966
MEDIUM
Sitecore CRM 8.1 Rev 151207 - Authenticated Path Traversal via Download Endpoint
CVSS 4.9
CVE-2017-6821
CRITICAL
Zimbra Collaboration Suite <8.7.6 - Path Traversal
CVSS 9.8
CVE-2017-6636
MEDIUM
Cisco Prime Collaboration Provisioning < 11.1 - Authenticated Path Traversal via HTTP Request
CVSS 6.5
CVE-2017-9024
HIGH
Secure Bytes SCA 3.0 - Path Traversal
CVSS 7.5
CVE-2017-6652
HIGH
Cisco TelePresence IX5000 Series - Unauthenticated Arbitrary File Read via Directory Traversal
CVSS 7.5
CVE-2017-3980
HIGH
McAfee ePO <5.9.0-5.1.3 - Path Traversal
CVSS 7.2
CVE-2017-9067
HIGH
MODX Revolution <2.5.7 - Path Traversal
CVSS 7.0
CVE-2017-7433
MEDIUM
Micro Focus Vibe <4.0.2 - Path Traversal
CVSS 6.5
CVE-2017-9031
CRITICAL
Deluge < 1.3.15 - Path Traversal in WebUI Render File Request
CVSS 9.8
CVE-2017-9030
HIGH
Codextrous B2J Contact <2.1.13 - Path Traversal
CVSS 7.5
CVE-2017-8921
HIGH
FlightGear <2017.2.1 - Path Traversal
CVSS 7.5
CVE-2017-2163
HIGH
SOY CMS 1.8.1-1.8.12 - Authenticated Path Traversal via shop_id
CVSS 7.5
CVE-2017-8868
HIGH
flatcore-cms 1.4.7 - Path Traversal and Arbitrary File Deletion via delete Parameter
CVSS 7.5
CVE-2017-8853
HIGH
Fiyo CMS 2.0.7 - Path Traversal and Arbitrary File Delete via Backuper Controller
CVSS 7.5
CVE-2017-7929
HIGH
Advantech WebAccess < 8.1 - Path Traversal
CVSS 7.1
CVE-2017-6629
MEDIUM
Cisco Unity Connection 10.5(2) - Unauthenticated Path Traversal via ImageID Parameter
CVSS 5.3
CVE-2017-2150
MEDIUM
Booking Calendar <7.0 - Path Traversal
CVSS 5.3
CVE-2017-2119
HIGH
WBCE CMS <= 1.1.10 - Path Traversal
CVSS 8.6
CVE-2017-2117
MEDIUM
CubeCart < 6.1.5 - Authenticated Path Traversal
CVSS 4.9
CVE-2017-2098
MEDIUM
CubeCart < 6.1.4 - Authenticated Path Traversal
CVSS 6.5
Details
Vulnerabilities: 9,283
Exploit Likelihood: High