CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2015-5531
Elasticsearch <1.6.1 - Path Traversal
CVE-2015-5766
iPhone OS < 8.4.1 - Path Traversal via Air Traffic Asset Handling
CVE-2015-4666
Xceedium Xsuite - Directory Traversal via opm/read_sessionlog.php logFile Parameter
CVE-2015-3940
Schneider Electric Wonderware System Platform <2014 R2 Patch 01 - P...
CVE-2015-4289
Cisco AnyConnect Secure Mobility Client 4.0(2049) - Path Traversal and Arbitrary File Write via Configuration Attribute
CVE-2015-1490
Symantec SEPM <12.1-RU6-MP1 - Path Traversal
CVE-2015-2862
Kaseya Virtual System Administrator 7.x-7.0.0.29 8.x-8.0.0.18 9.0-9.0.0.14 9.1-9.1.0.4 - Authenticated Path Traversal
CVE-2015-2971
Seeds acmailer <3.8.18, <3.9.12 - Path Traversal
CVE-2015-2970
LEMON-S PHP Simple Oekaki BBS <1.21 - RCE
CVE-2015-4616
easy2map < 1.2.4 - Unauthenticated Path Traversal and Arbitrary File Write via MapPinImageSave.php map_id Parameter
CVE-2015-5353
Novius OS 5.0.1 - Path Traversal via Tab Parameter
CVE-2015-2966
Droidware UK Explorer+ <2.3.3 - Path Traversal
CVE-2015-5149
ManageEngine SupportCenter Plus 7.90 - Path Traversal & Arbitrary File Write via Attachment.jsp
CVE-2015-2965
osCommerce Japanese <2.2ms1j-R8 - Path Traversal
CVE-2015-0550
EMC Documentum Thumbnail Server - Path Traversal
CVE-2015-1884
IBM Business Process Manager - Path Traversal
CVE-2015-5065
Paypal Currency Converter Basic For WooCommerce < 1.4 - Unauthenticated Arbitrary File Read via requrl Parameter
CVE-2015-2860
Avigilon Control Center < 5.4.2.21 - Path Traversal via Help URL
CVE-2015-4641
SwiftKey SDK - Path Traversal and Arbitrary File Write via ZIP Archive Entry
CVE-2015-3897
Bonita BPM Portal <6.5.3 - Path Traversal
CVE-2015-4414
SE HTML5 Album Audio Player < 1.1.0 - Path Traversal via File Parameter
CVE-2015-4152
Logstash < 1.4.3 - Path Traversal and Arbitrary File Write via File Output Plugin
CVE-2015-4153
zM Ajax Login & Register < 1.0.9 - Path Traversal via Template Parameter
CVE-2015-4415
Anima Gallery 2.6 - Path Traversal via Theme or Lang Cookie Parameter
CVE-2015-3648
ResourceSpace <7.2.6727 - Path Traversal
Details
Vulnerabilities
9,287
Exploit Likelihood
High