CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2014-8478
Siemens SCALANCE X-300 and X-408 Firmware < 4.0 - Denial of Service via Malformed HTTP Requests
CVE-2014-10037
domphp < 0.83 - Path Traversal via URL Parameter
CVE-2014-100033
LicensePal ArcticDesk < 1.2.4 - Path Traversal
CVE-2014-100029
Ganesha Digital Library 4.2 - Path Traversal via Newlang or Newtheme Parameter
CVE-2014-100015
SolidWorks Workgroup PDM 2014 - Unauthenticated Path Traversal and Arbitrary File Write via File Upload
CVE-2014-10010
PHPJabbers Appointment Scheduler 2.0 - Path Traversal via Backup Controller ID Parameter
CVE-2014-100002
ManageEngine SupportCenter Plus < 7.9 - Path Traversal via WorkOrder.do Attach Parameter
CVE-2014-6158
IBM PureApplication System/Workload Deployer Authenticated Path Traversal & RCE via File Upload
CVE-2014-9581
Codiad 2.4.3 - Path Traversal via File Manager Download Path Parameter
CVE-2014-9389
Sonatype Nexus OSS/Pro <2.11.1-01 - Path Traversal
CVE-2014-8084
Osclass < 3.4.2 - Path Traversal and Local File Inclusion via Ajaxfile Parameter
CVE-2014-9461
Cart66 Lite <1.5.4 - Path Traversal
CVE-2014-9452
VDG Security SENSE <2.3.13 - Path Traversal
CVE-2014-9447
elfutils 0.152 and 0.161 - Path Traversal via Crafted Archive
CVE-2014-9436
SysAid On-Premise <14.4.2 - Path Traversal
CVE-2014-9119
DB Backup plugin <4.5 - Path Traversal
CVE-2014-2217
Telerik UI for ASP.NET AJAX <Q3 2012 SP2 - Path Traversal
CVE-2014-6155
IBM WebSphere Service Registry and Repository 7.5.x-7.5.0.4 8.0.x<8.0.0.3 8.5.x<8.5.0.1 - Authenticated Path Traversal
CVE-2014-8019
Cisco Enterprise Content Delivery System - Path Traversal via Crafted URL
CVE-2014-6182
IBM Business Process Manager 8.0.x-8.0.1.3 & 8.5.x-8.5.5 Path Traversal via Process Center Export
CVE-2014-9373
ManageEngine NetFlow Analyzer - Path Traversal
CVE-2014-9372
ManageEngine PMP <7.103 - Path Traversal
CVE-2014-5359
SafeNet Authentication Service Outlook Web Access Agent < 1.03.20212 - Path Traversal via GetFile Parameter
CVE-2014-7866
ZOHO ManageEngine OpManager 8-11.4 Path Traversal & Arbitrary File Write via Servlets
CVE-2014-8737
GNU binutils <2.24 - Path Traversal
Details
Vulnerabilities
9,287
Exploit Likelihood
High