CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,285 vulnerabilities with CWE-22
CVE-2016-10965
HIGH
real3d-flipbook-lite 1.0 - Path Traversal via deleteBook Parameter
CVSS 7.5
CVE-2016-10924
HIGH
zedna_ebook_download < 1.2 - Path Traversal
CVSS 7.5
CVE-2016-10828
HIGH
cPanel 11.50.0.4-11.50.5.2 - Remote Code Execution via Unsafe @INC Path
CVSS 8.8
CVE-2016-10759
CRITICAL
Precurio 2.1 - Path Traversal and Remote Code Execution via Xinha ExtendedFileManager
CVSS 9.8
CVE-2016-10751
HIGH
osClass 3.6.1 - Directory Traversal and Remote Code Execution via Plugin Parameter
CVSS 7.2
CVE-2016-10733
CRITICAL
ProjectSend r582 - Path Traversal via file Parameter in process-zip-download.php
CVSS 9.8
CVE-2016-7041
MEDIUM
Red Hat JBoss BRMS and Drools Workbench - Authenticated Path Traversal
CVSS 6.5
CVE-2016-9484
HIGH
jqueryform php_formmail_generator < 2016-12-06 - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 7.5
CVE-2016-10726
HIGH
DSpace < 3.6, 4.0-4.5 - Path Traversal via XMLUI Themes Path
CVSS 7.5
CVE-2016-10561
MEDIUM
Bitty 0.2.10 - Path Traversal via URL Path in GET Requests
CVSS 5.3
CVE-2016-10538
LOW
node-cli < 1.0.0 - Path Traversal via Insecure Lock and Log File Handling
CVSS 3.5
CVE-2016-10528
MEDIUM
restafary < 1.6.1 - Path Traversal
CVSS 4.9
CVE-2016-6795
CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
CVSS 9.8
CVE-2016-10400
HIGH
ATutor < 2.2.1 - Path Traversal via Icon Parameter
CVSS 7.5
CVE-2016-7826
MEDIUM
Buffalo WNC01WH Firmware <= 1.0.0.8 - Authenticated Path Traversal via POST Request
CVSS 6.5
CVE-2016-7825
MEDIUM
Buffalo WNC01WH Firmware <= 1.0.0.8 - Authenticated Path Traversal
CVSS 6.5
CVE-2016-7802
MEDIUM
Cybozu Garoon 3.0.0-4.2.2 - Authenticated Path Traversal
CVSS 6.5
CVE-2016-10331
HIGH
Synology Photo Station < 6.5.3-3226 - Path Traversal via Download ID Parameter
CVSS 7.5
CVE-2016-10330
HIGH
Synology Photo Station < 6.5.3-3226 - Local Arbitrary File Write via synophoto_dsm_user Path Traversal
CVSS 7.1
CVE-2016-10367
HIGH
Opsview Monitor Pro - Unauthenticated Path Traversal via URL Encoding Bypass
CVSS 7.5
CVE-2016-8593
HIGH
Trend Micro Threat Discovery Appliance <2.6.1062r1 - Path Traversal
CVSS 8.8
CVE-2016-7843
MEDIUM
AttacheCase for Java < 0.6.0, AttacheCase Lite < 1.4.6, AttacheCase Pro < 1.5.7 - Path Traversal via ATC File
CVSS 5.5
CVE-2016-7842
MEDIUM
HiBARA Software AttacheCase < 2.8.2.8 and 3.2.0.4 - Path Traversal via ATC File
CVSS 5.5
CVE-2016-4313
HIGH
eXtplorer 2.1.9 - Path Traversal via Archive Extraction
CVSS 7.8
CVE-2016-5312
MEDIUM
Symantec Messaging Gateway < 10.6.2 - Authenticated Path Traversal via ChartStream sn Parameter
CVSS 6.5
Details
Vulnerabilities: 9,285
Exploit Likelihood: High