CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,286 vulnerabilities with CWE-22
CVE-2015-9406
HIGH
mTheme-Unus < 2.3 - Path Traversal via CSS File Parameter
CVSS 7.5
CVE-2015-9287
CRITICAL
University of Cambridge mod_ucam_webauth < 2.0.2 - Path Traversal via WLS-Response kid Field
CVSS 9.8
CVE-2015-4617
HIGH
easy2map-photos 1.09 - Path Traversal via MapPinImageUpload.php and MapPinIconSave.php
CVSS 7.5
CVE-2015-9277
CRITICAL
MailEnable < 8.60 - Path Traversal and Arbitrary File Write via Mishandled /../ Sequences
CVSS 9.1
CVE-2015-9275
MEDIUM
ARC 5.21q - Path Traversal via Archive File
CVSS 5.3
CVE-2015-4632
HIGH
Koha 3.14.00-3.14.15 - Path Traversal via Template Path Parameter
CVSS 7.5
CVE-2015-9266
CRITICAL
Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2015-1503
HIGH
IceWarp Mail Server < 11.2 - Path Traversal
CVSS 7.5
CVE-2015-5079
HIGH
BlackCat CMS < 1.1.2 - Path Traversal via widgets/logs.php dl Parameter
CVSS 7.5
CVE-2015-4461
MEDIUM
efront < 3.6.15.4 - Authenticated Path Traversal via Other Parameter
CVSS 6.5
CVE-2015-9250
HIGH
Skybox Platform < 7.5.201 - Path Traversal via tempFileName Parameter
CVSS 7.5
CVE-2015-7669
CRITICAL
easy2map < 1.3.0 - Path Traversal and Arbitrary File Execution via CSV File Parameter
CVSS 9.8
CVE-2015-2856
HIGH
Accellion File Transfer Appliance < fta_9_11_200 - Path Traversal via Statecode Cookie
CVSS 7.5
CVE-2015-1429
HIGH
Thinfinity Remote Desktop Workstation < 3.0.0.3 - Path Traversal
CVSS 7.5
CVE-2015-4074
HIGH
Helpdesk Pro < 1.3.0 - Path Traversal via Ticket Download Attachment Filename Parameter
CVSS 7.5
CVE-2015-4085
HIGH
Etherpad < 1.6.0 - Path Traversal in Frontend Tests
CVSS 7.5
CVE-2015-1876
HIGH
ES File Explorer 3.2.4.1 - Path Traversal
CVSS 7.5
CVE-2015-1386
HIGH
unshield 1.0-1.1 - Path Traversal
CVSS 7.5
CVE-2015-1199
HIGH
ppmd 10.1-5 - Path Traversal
CVSS 7.5
CVE-2015-1198
HIGH
ha < 0.999p+dfsg-5 - Path Traversal
CVSS 7.5
CVE-2015-4181
HIGH
phpMyBackupPro 2.1-2.5 - Path Traversal via View Parameter
CVSS 7.5
CVE-2015-4180
HIGH
phpMyBackupPro 2.1-2.4 - Path Traversal via View Parameter
CVSS 7.5
CVE-2015-1395
HIGH
GNU patch < 2.7.3 - Path Traversal
CVSS 7.5
CVE-2015-8352
CRITICAL
Zen Cart 1.5.4 - Remote File Inclusion via AJAX act Parameter Path Traversal
CVSS 9.8
CVE-2015-0781
CRITICAL
Novell ZENworks Configuration Management - Remote Code Execution via Directory Traversal in Rtrlet doPost
CVSS 9.8
Details
Vulnerabilities: 9,286
Exploit Likelihood: High