CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,285 vulnerabilities with CWE-22
CVE-2016-5307
MEDIUM
Symantec Endpoint Protection Manager < 12.1.6 - Authenticated Path Traversal
CVSS 4.3
CVE-2016-1434
MEDIUM
Cisco 8800 <11.0(1) - File Deletion
CVSS 6.5
CVE-2016-1192
MEDIUM
Cybozu Garoon <4.2 - Path Traversal
CVSS 4.3
CVE-2016-1191
MEDIUM
Cybozu Garoon <4.2.1 - Path Traversal
CVSS 5.3
CVE-2016-4815
HIGH
BUFFALO WZR-600DHP3 and WZR-S600DHP Firmware <= 2.16 - Path Traversal
CVSS 7.5
CVE-2016-4814
HIGH
Geospatial Information Authority of Japan Old_GSI_Maps - Path Traversal via kml2jsonp.php
CVSS 7.5
CVE-2016-1223
MEDIUM
Trend Micro Office Scan <11.0 - Path Traversal
CVSS 5.3
CVE-2016-4532
CRITICAL
Trihedral VTScada 8.x-11.x < 11.2.02 - Path Traversal via WAP Interface
CVSS 9.1
CVE-2016-1212
LOW
Futomi MP Form Mail CGI Pro <3.2.3 - Path Traversal
CVSS 2.7
CVE-2016-1671
HIGH
Google Chrome <50.0.2661.102 - Path Traversal
CVSS 8.1
CVE-2016-1593
HIGH
Micro Focus Novell Service Desk <7.2 - Path Traversal
CVSS 7.2
CVE-2016-3972
LOW
dotcms < 3.5 - Authenticated Path Traversal via dotTailLogServlet fileName Parameter
CVSS 2.7
CVE-2016-4004
MEDIUM
Dell OpenManage Server Administrator 8.2 - Authenticated Path Traversal via ViewFile File Parameter
CVSS 4.9
CVE-2016-0784
MEDIUM
Apache OpenMeetings <3.1.1 - Path Traversal
CVSS 6.5
CVE-2016-0709
HIGH
Apache Jetspeed <2.3.1 - Path Traversal
CVSS 7.2
CVE-2016-3976
HIGH
KEV
SAP NetWeaver AS Java <7.6 - Path Traversal
CVSS 7.5
CVE-2016-2097
MEDIUM
Ruby on Rails < 3.2.22.2 and 4.x < 4.1.14.2 - Directory Traversal via Render Method
CVSS 5.3
CVE-2016-2289
HIGH
ICONICS WebHMI < 9.0 - Path Traversal and Password Hash Exposure
CVSS 7.5
CVE-2016-2389
HIGH
SAP NetWeaver xMII 15.0 - Directory Traversal via GetFileList Path Parameter
CVSS 7.5
CVE-2016-0752
HIGH
KEV
Ruby on Rails Dynamic Render File Upload Remote Code Execution
CVSS 7.5
CVE-2016-1525
HIGH
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
CVSS 8.6
CVE-2016-1145
HIGH
NEC EXPRESSCLUSTER X - Path Traversal
CVSS 7.5
CVE-2016-0855
HIGH
Advantech WebAccess <8.1 - Path Traversal
CVSS 7.5
CVE-2016-1231
MEDIUM
Prosody <0.9.9 - Path Traversal
CVSS 5.9
CVE-2015-10136
HIGH
GI-Media Library <3.0 - Path Traversal
CVSS 7.5
Details
Vulnerabilities: 9,285
Exploit Likelihood: High