CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,283 vulnerabilities with CWE-22
CVE-2017-2090
MEDIUM
CubeCart < 6.1.4 - Authenticated Path Traversal
CVSS 6.5
CVE-2017-8297
CRITICAL
simple-file-manager < 2017-04-19 - Path Traversal in index.php
CVSS 9.8
CVE-2017-8283
CRITICAL
dpkg 1.3.0-1.18.23 - Directory Traversal via Crafted Debian Source Package
CVSS 9.8
CVE-2017-8115
MEDIUM
MODX Revolution 2.5.7 - Path Traversal in Setup URL Search Processor
CVSS 5.3
CVE-2017-8104
MEDIUM
MyBB < 1.8.11 - Path Traversal via Smilie Module Pathfolder Parameter
CVSS 5.3
CVE-2017-7462
CRITICAL
Intellinet NFC-30ir IP Camera - RCE
CVSS 9.8
CVE-2017-7461
MEDIUM
Intellinet NFC-30ir IP Camera <LM.1.6.16.05 - Path Traversal
CVSS 4.9
CVE-2017-6190
HIGH
D-Link DWR-116 Firmware - Unauthenticated Path Traversal via UIR GET Request
CVSS 7.5
CVE-2017-7577
CRITICAL
XiongMai uc-httpd - Path Traversal via GET Request
CVSS 9.8
CVE-2017-7565
HIGH
Splunk Hadoop Connect App - Path Traversal
CVSS 8.8
CVE-2017-7358
HIGH
LightDM < 1.22.0 - Path Traversal and Privilege Escalation via Guest Account Logout
CVSS 7.3
CVE-2017-4980
HIGH
EMC Isilon OneFS <8.0.0.1 - Path Traversal
CVSS 7.5
CVE-2017-7258
HIGH
eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0 - Path Traversal
CVSS 7.5
CVE-2017-5899
HIGH
s-nail < 14.8.5 - Path Traversal via randstr Argument
CVSS 7.0
CVE-2017-7240
HIGH
Miele Professional PST10 - Path Traversal
CVSS 7.5
CVE-2017-5869
HIGH
Nuxeo Platform 6.0, 7.1-7.3 - Authenticated Path Traversal and Remote Code Execution via X-File-Name Header
CVSS 8.8
CVE-2017-3851
HIGH
Cisco IOx 1.0.0.0-1.1.0.0 - Unauthenticated Path Traversal via CAF Web Interface
CVSS 7.5
CVE-2017-6805
MEDIUM
MobaXterm Personal Edition 9.4 - Path Traversal
CVSS 5.3
CVE-2017-6510
HIGH
Easy File Sharing FTP Server < 3.6 - Path Traversal
CVSS 7.5
CVE-2017-6527
HIGH
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Path Traversal via viewAppletFsa.cgi seqID Parameter
CVSS 7.5
CVE-2017-5231
HIGH
Rapid7 Metasploit <4.13.0-2017020701 - Path Traversal
CVSS 7.1
CVE-2017-5229
HIGH
Rapid7 Metasploit <4.13.0-2017020701 - Path Traversal
CVSS 7.1
CVE-2017-5228
HIGH
Rapid7 Metasploit <4.13.0-2017020701 - Path Traversal
CVSS 7.1
CVE-2017-5982
HIGH
Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path
CVSS 7.5
CVE-2017-5946
CRITICAL
rubyzip < 1.2.1 - Path Traversal via Zip::File Component
CVSS 9.8
Details
Vulnerabilities: 9,283
Exploit Likelihood: High