CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2014-3702
CRITICAL
eDeploy - Path Traversal via Session Parameter
CVSS 9.1
CVE-2014-8676
MEDIUM
soplanning < 1.32 - Path Traversal via URL Path Parameter
CVSS 5.3
CVE-2014-8163
MEDIUM
Red Hat Satellite - Path Traversal via XMLRPC Interface
CVSS 6.5
CVE-2014-8871
HIGH
hybris Commerce <5.3.0.1 - Path Traversal
CVSS 7.5
CVE-2014-5302
HIGH
ManageEngine ServiceDesk Plus 5-9.0.9030 - Authenticated Path Traversal and Remote Code Execution
CVSS 8.8
CVE-2014-5301
HIGH
ManageEngine ServiceDesk Plus MSP 5-9.0.9030 Path Traversal
CVSS 8.8
CVE-2014-7954
MEDIUM
Android 4.4.4 - Path Traversal via MTP Name Parameter
CVSS 4.6
CVE-2014-9983
MEDIUM
RAR 4.x and 5.x - Path Traversal via Symlink Following
CVSS 5.5
CVE-2014-8704
CRITICAL
Wonder CMS 2014 - Path Traversal
CVSS 9.8
CVE-2014-9767
MEDIUM
PHP <5.4.45, 5.5.x <5.5.29, 5.6.x <5.6.13 - Path Traversal
CVSS 4.3
CVE-2014-1836
ImpressCMS < 1.3.6 - Path Traversal and Arbitrary File Deletion via Image Path Parameter
CVE-2014-9734
Slider Revolution <4.2 - Path Traversal
CVE-2014-8606
XCloner 3.1.1 and 3.5.1 - Authenticated Path Traversal via File Parameter
CVE-2014-6222
IBM Marketing Operations <9.1.1.2 - Path Traversal
CVE-2014-5370
BlueDragon < 7.1.1 - Path Traversal via CFChart Servlet QUERY_STRING
CVE-2014-8360
GLPI < 0.84.8 - Remote Code Execution via Dot Dot Underscore Path Traversal in Autoload Function
CVE-2014-9261
Codoforum 2.5.1 - Path Traversal via Path Parameter
CVE-2014-9282
Speed Root Explorer <3.2- Speed Explorer <2.2 - Path Traversal
CVE-2014-3578
Spring Framework 3.2.0-3.2.8 - Path Traversal via Crafted URL
CVE-2014-6194
IBM Maximo <7.5.0.6 - Path Traversal
CVE-2014-9375
Lexmark Markvision Enterprise - Path Traversal
CVE-2014-6154
IBM Optim Performance Manager 4.1.0.1-4.1.1 and InfoSphere Optim Performance Manager 5.1-5.3.1 - Path Traversal via URL
CVE-2014-0605
Attachmate Reflection FTP Client < 14.1.420 - Remote Code Execution via rftpcom.dll SaveSettings Method
CVE-2014-0604
Attachmate Reflection FTP Client < 14.1.420 - Remote Code Execution via rftpcom.dll StartLog Method
CVE-2014-9574
FluxBB < 1.5.8 - Path Traversal via install_lang Parameter
Details
Vulnerabilities: 9,287
Exploit Likelihood: High