CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,285 vulnerabilities with CWE-22
CVE-2017-5982
HIGH
Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path
CVSS 7.5
CVE-2017-5946
CRITICAL
rubyzip < 1.2.1 - Path Traversal via Zip::File Component
CVSS 9.8
CVE-2017-6306
HIGH
ytnef < 1.9.1 - Path Traversal via SanitizeFilename Function
CVSS 7.8
CVE-2017-5168
HIGH
Hanwha Techwin Smart Security Manager <1.5 - Path Traversal
CVSS 7.5
CVE-2017-5163
MEDIUM
Belden Hirschmann GECKO Lite <2.0.00 - Path Traversal
CVSS 5.9
CVE-2017-5143
HIGH
Honeywell XL Web II controller <XL1000C500 - Path Traversal
CVSS 8.6
CVE-2017-5219
CRITICAL
SageCRM < 7.3 SP3 - Unauthenticated Path Traversal and Arbitrary File Write via Component Manager Zip Upload
CVSS 9.8
CVE-2017-5182
HIGH
Open Enterprise Server - Unauthenticated Arbitrary File Read via Remote Manager URL
CVSS 7.5
CVE-2017-5539
CRITICAL
b2evolution - Path Traversal and Arbitrary File Read via Filter Bypass
CVSS 9.1
CVE-2017-5541
MEDIUM
Symphony < 2.6.9 - Path Traversal via User Error Template Parameters
CVSS 5.3
CVE-2017-5480
HIGH
b2evolution < 6.8.3 - Authenticated Path Traversal via fm_selected Array Parameter
CVSS 8.1
CVE-2016-20081
HIGH
WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
CVSS 7.5
CVE-2016-20076
HIGH
WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download
CVSS 7.5
CVE-2016-20048
HIGH
iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter
CVSS 8.4
CVE-2016-20041
HIGH
Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter
CVSS 8.4
CVE-2016-20040
HIGH
TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter
CVSS 8.4
CVE-2016-20023
MEDIUM
CKSource CKFinder <2.5.0.1 - File Download
CVSS 5.0
CVE-2016-15055
HIGH
JVC IP-Camera VN-T216VPRU < 2016-08-22 - Unauthenticated Path Traversal via checkcgi Endpoint
CVE-2016-15038
MEDIUM
NUUO NVRmini 2 <3.0.8 - Path Traversal
CVSS 6.5
CVE-2016-15023
LOW
SiteFusion Application Server <6.6.6 - Path Traversal
CVSS 3.5
CVE-2016-15019
MEDIUM
jekbox < 2016-02-01 - Path Traversal in lib/server.rb
CVSS 4.3
CVE-2016-15017
MEDIUM
TYPO3 fabarea media_upload <0.9.0 - Path Traversal
CVSS 5.5
CVE-2016-7063
CRITICAL
pritunl-client < 1.0.1116.6 - Arbitrary File Write via Path Traversal
CVSS 9.8
CVE-2016-10977
MEDIUM
Nelio AB Testing < 4.5.0 - Path Traversal via Filename Parameter
CVSS 6.5
CVE-2016-10966
HIGH
real3d-flipbook-lite 1.0 - Path Traversal and Arbitrary File Write via bookName Parameter
CVSS 7.5
Details
Vulnerabilities: 9,285
Exploit Likelihood: High