CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,286 vulnerabilities with CWE-22
CVE-2015-4716
ownCloud Server < 7.0.6 and 8.0.x < 8.0.4 - Path Traversal
CVE-2015-5662
Avast Antivirus < 150918-0 - Path Traversal and Arbitrary File Write via ZIP Archive Entry
CVE-2015-7683
WordPress Font <7.5.1 - Path Traversal
CVE-2015-1807
Jenkins < 1.600 and LTS < 1.596.1 - Authenticated Path Traversal via Symlink
CVE-2015-6003
QNAP QTS <4.1.4-4.2.0 - Path Traversal
CVE-2015-7372
revive_adserver < 3.2.1 - Local File Inclusion via layerstyle Parameter
CVE-2015-5650
AjaXplorer 2.0 - Path Traversal
CVE-2015-4546
RSA Certificate Manager and RSA OneStep < 6.9 - Path Traversal via KCSOSC_ERROR_PAGE Parameter
CVE-2015-7603
Konica Minolta FTP Utility 1.0 - Path Traversal
CVE-2015-7602
BisonWare BisonFTP <3.5 - Path Traversal
CVE-2015-7601
PCMan's FTP Server <2.0.7 - Path Traversal
CVE-2015-5638
H2O <1.4.5, <1.5.0-beta2 - Path Traversal
CVE-2015-6459
GE MDS PulseNET < 3.1.5 - Path Traversal and Arbitrary File Read/Delete via FileDownloadServlet
CVE-2015-7237
McAfee Agent 5.x - Path Traversal via Remote Log Viewing
CVE-2015-4040
F5 Enterprise Manager 3.0.0-3.1.1 - Authenticated Path Traversal
CVE-2015-5472
IBS Mappro < 0.6 - Path Traversal via File Parameter
CVE-2015-6914
SiteFactory CMS 5.5.9 - Path Traversal via File Parameter
CVE-2015-5199
Canonical Ubuntu Linux < 1.1.0 - Path Traversal
CVE-2015-2990
NEOJAPAN desknet NEO <2.5R1.4 - Path Traversal
CVE-2015-5688
geddy < 13.0.8 - Path Traversal via Dot Dot Encoded Slash in PATH_INFO
CVE-2015-1830
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
CVE-2015-5482
GD bbPress Attachments <2.3 - Path Traversal
CVE-2015-4670
DevExpress AJAX Control Toolkit < 15.0 - Path Traversal and Arbitrary File Write
CVE-2015-4425
pimcore < build 3473 - Authenticated Path Traversal and Arbitrary File Write via Admin Asset Compatibility Endpoint
CVE-2015-5531
Elasticsearch <1.6.1 - Path Traversal
Details
Vulnerabilities: 9,286
Exploit Likelihood: High