CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2014-7951
MEDIUM
Android 4.0.4 - Path Traversal and Arbitrary File Write via ADB Backup Tar Headers
CVSS 4.6
CVE-2014-9609
MEDIUM
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Path Traversal
CVSS 5.3
CVE-2014-5236
HIGH
Open-Xchange AppSuite < 7.4.2-rev10 and 7.6.x < 7.6.0-rev10 - Path Traversal via OpenDocument File
CVSS 7.5
CVE-2014-8742
HIGH
Lexmark MarkVision Enterprise <2.1 - Path Traversal
CVSS 7.5
CVE-2014-8741
CRITICAL
Lexmark MarkVision Enterprise <2.1 - Path Traversal
CVSS 9.8
CVE-2014-1923
HIGH
Koha <3.8.23, <3.10.13, <3.12.10, <3.14.3 - Path Traversal
CVSS 7.5
CVE-2014-1922
HIGH
Koha <3.8.23, <3.10.13, <3.12.10, <3.14.3 - Path Traversal
CVSS 7.5
CVE-2014-5007
CRITICAL
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
CVSS 9.8
CVE-2014-9356
HIGH
Docker < 1.3.3 - Path Traversal and Arbitrary File Write via Symlink in Image or Dockerfile
CVSS 8.6
CVE-2014-9014
MEDIUM
WP Marketplace <2.4.1 - Path Traversal
CVSS 4.3
CVE-2014-10397
HIGH
Antioch Theme < 2014-09-07 - Unauthenticated Arbitrary File Download via Download Script
CVSS 7.5
CVE-2014-10396
HIGH
Epic Theme < 2.0.9 - Unauthenticated Arbitrary File Download via Download Endpoint
CVSS 7.5
CVE-2014-10390
CRITICAL
WP Support Plus Responsive Ticket System < 4.2 - Path Traversal
CVSS 9.1
CVE-2014-5436
HIGH
Honeywell Experion PKS R40x < R400.6, R41x < R410.6, R43x < R430.2 - Path Traversal in confd.exe
CVSS 7.5
CVE-2014-10066
HIGH
fancy-server < 0.1.4 - Path Traversal via Directory Traversal Sequences
CVSS 7.5
CVE-2014-10068
HIGH
hapi/inert < 1.1.1 - Path Traversal via Hidden Directory Handling
CVSS 7.5
CVE-2014-10073
HIGH
Psensor < 1.1.4 - Path Traversal in create_response Function
CVSS 7.5
CVE-2014-2069
HIGH
Eshtery CMS - Path Traversal via File Parameter in FileManager.aspx
CVSS 7.5
CVE-2014-2674
HIGH
Ajax Pagination (twitter Style) <1.1 - Path Traversal
CVSS 7.5
CVE-2014-3626
HIGH
Grails Resources 1.2.0-1.2.11 - Path Traversal via Double Decoding
CVSS 7.5
CVE-2014-3972
MEDIUM
Apexis APM-J601-WS <17.35.2.49 - Path Traversal
CVSS 5.3
CVE-2014-9485
MEDIUM
minizip < 1.1-5 - Path Traversal and Arbitrary File Write via ZIP Archive Entry
CVSS 5.5
CVE-2014-5068
HIGH
Symmetricom s350i 2.70.15 - Path Traversal via Dot-Dot-Slash Sequences
CVSS 7.5
CVE-2014-0115
HIGH
Apache Storm 0.9.0.1 - Path Traversal
CVSS 7.5
CVE-2014-3744
HIGH
st module for Node.js < 0.2.5 - Path Traversal via Encoded Dot-Dot Sequences
CVSS 7.5