CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,286 vulnerabilities with CWE-22
CVE-2015-10136
HIGH
GI-Media Library <3.0 - Path Traversal
CVSS 7.5
CVE-2015-10134
HIGH
Simple Backup <2.7.10 - Arbitrary File Download
CVSS 7.5
CVE-2015-5467
CRITICAL
Yii 2.0.0-2.0.4 - Arbitrary Local File Execution via View Parameter Path Traversal
CVSS 9.8
CVE-2015-10105
MEDIUM
IP Blacklist Cloud Plugin <3.42 - Path Traversal
CVSS 6.3
CVE-2015-10043
MEDIUM
abreen Apollo < 2015-01-29 - Path Traversal via File Argument
CVSS 5.5
CVE-2015-10030
MEDIUM
SUKOHI Surpass <1.0.0 - Path Traversal
CVSS 5.5
CVE-2015-10024
MEDIUM
larasync < 2015-01-20 - Path Traversal in File Storage
CVSS 5.5
CVE-2015-2074
HIGH
SAP BusinessObjects Edge 4.0 - Unauthenticated Arbitrary File Write via File Repository Server CORBA Listener
CVSS 7.5
CVE-2015-2073
HIGH
SAP BusinessObjects Edge 4.0 - Unauthenticated Path Traversal via File Repository Server CORBA Listener
CVSS 7.5
CVE-2015-9546
MEDIUM
Android KK(4.4) and later through 2015-06-16 - Path Traversal via Inputmethod HTTP Connection
CVSS 4.8
CVE-2015-8535
HIGH
Lenovo Solution Center <3.3.002 - Path Traversal
CVSS 7.8
CVE-2015-6589
HIGH
Kaseya VSA <=9.1.0.8 Authenticated Path Traversal & Arbitrary File Write via json.ashx
CVSS 8.8
CVE-2015-3309
HIGH
Etherpad 1.1.2-1.5.4 - Path Traversal via HTTP API Path Parameter
CVSS 7.5
CVE-2015-7851
MEDIUM
NTP 4.2.0-4.2.8 - Authenticated Path Traversal via save_config Function
CVSS 6.5
CVE-2015-6591
MEDIUM
Free Reprintables ArticleFR < 3.0.7 - Path Traversal via LoadJS s Parameter
CVSS 5.5
CVE-2015-5952
CRITICAL
Thomson Reuters for FATCA <5.2 - Path Traversal
CVSS 9.8
CVE-2015-3151
HIGH
Automatic Bug Reporting Tool - Path Traversal via NewProblem GetInfo SetElement or DeleteElement Methods
CVSS 7.8
CVE-2015-2060
MEDIUM
cabextract < 1.6 - Path Traversal via Malformed UTF-8 Character
CVSS 5.3
CVE-2015-9538
MEDIUM
NextGEN Gallery < 2.1.15 - Path Traversal via Path Selection
CVSS 6.5
CVE-2015-1396
HIGH
GNU patch < 2.7.4 - Arbitrary File Write via Symlink Attack in Patch File
CVSS 7.5
CVE-2015-9480
HIGH
RobotCPA 5 for WordPress - Path Traversal via f.php l Parameter
CVSS 7.5
CVE-2015-9473
HIGH
estrutura-basica < 2015-09-13 - Path Traversal via Download Script Arquivo Parameter
CVSS 7.5
CVE-2015-9470
HIGH
ionadas history_collection < 1.1.1 - Path Traversal via download.php var Parameter
CVSS 7.5
CVE-2015-9463
HIGH
s3bubble-amazon-s3-audio-streaming 2.0 - Path Traversal via downloader.php path parameter
CVSS 7.5
CVE-2015-9464
HIGH
s3bubble-amazon-s3-html-5-video-with-adverts 0.7 - Path Traversal via Downloader Path Parameter
CVSS 7.5