CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2014-6036
ManageEngine OpManager <11.3, Social IT Plus 11.0, IT360 <=10.4 - Path Traversal & File Deletion
CVE-2014-6035
ManageEngine OpManager < 11.3 - Path Traversal and Arbitrary File Write via FileCollector Servlet FILENAME Parameter
CVE-2014-6034
ManageEngine OpManager 8.8-11.3, Social IT Plus 11.0, IT360 <=10.4 - Path Traversal & Arbitrary File Write
CVE-2014-5446
ManageEngine Netflow Analyzer 8.6-10.2 and IT360 10.3 - Path Traversal via DisplayChartPDF Filename Parameter
CVE-2014-5445
ManageEngine Netflow Analyzer 8.6-10.2 and IT360 10.3 - Path Traversal via schFilePath Parameter
CVE-2014-9238
D-link IP camera DCS-2103 <1.0.0 - Info Disclosure
CVE-2014-9234
D-link IP camera DCS-2103 <1.0.0 - Path Traversal
CVE-2014-9181
Plex Media Server <0.9.9.3 - Path Traversal
CVE-2014-9155
Drupal Avatar Uploader <7.x-1.0-beta6 - Path Traversal
CVE-2014-7816
WildFly Directory Traversal
CVE-2014-8961
phpMyAdmin <4.1.14.7, <4.2.12 - Info Disclosure
CVE-2014-8959
phpMyAdmin <4.0.10.6-4.2.12 - Path Traversal
CVE-2014-8801
Paid Memberships Pro <1.7.15 - Path Traversal
CVE-2014-8799
dukapress < 2.5.3 - Path Traversal via src Parameter in dp_image.php
CVE-2014-3625
Spring Framework 3.0.4-3.2.11, 4.0.0-4.0.7, 4.1.0-4.1.1 - Path Traversal via Static Resource Handling
CVE-2014-7829
Opensuse < 4.1.8 - Path Traversal
CVE-2014-6095
IBM Security Identity Manager 6.x < 6.0.0.3 IF14 - Path Traversal
CVE-2014-8727
F5 BIG-IP Local Traffic Manager < 10.2.1 - Authenticated Path Traversal via Archive Properties or Form Name Parameter
CVE-2014-8555
Progress OpenEdge 11.2 - Path Traversal via reportViewAction.jsp Selection Parameter
CVE-2014-7819
Sprockets Path Traversal via Double Slash or URL-Encoded Dot-Dot-Slash Sequences
CVE-2014-7818
Ruby on Rails Path Traversal via URL-Encoded Dot-Dot-Slash Sequence
CVE-2014-5258
webEdition CMS < 6.3.8.0 - Authenticated Path Traversal via showTempFile.php file Parameter
CVE-2014-8659
SAP Environment, Health, and Safety - Path Traversal
CVE-2014-7985
EspoCRM < 2.5.2 - Path Traversal via Action Parameter
CVE-2014-6149
IBM Tivoli Application Dependency Discovery Manager Path Traversal
Details
Vulnerabilities: 9,287
Exploit Likelihood: High