CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2014-2352
Cogent DataHub < 7.3.4 - Path Traversal and Denial of Service
CVE-2014-3865
dpkg-dev 1.3.0 - Path Traversal via Crafted Index Pseudo-Header
CVE-2014-3864
dpkg-dev 1.3.0 - Path Traversal via Crafted Source Package
CVE-2014-3227
dpkg 1.15.9, 1.16.x < 1.16.14, 1.17.x < 1.17.9 - Path Traversal via Noncompliant Patch Program
CVE-2014-3806
VMTurbo Operations Manager < 4.6 - Unauthenticated Directory Traversal via xml_path Parameter
CVE-2014-3460
NetIQ Sentinel Agent Manager - Path Traversal and Arbitrary File Write via NQMcsVarSet ActiveX DumpToFile Method
CVE-2014-0918
IBM WebSphere Portal Path Traversal via IEHS URL
CVE-2014-3225
Cobbler 2.4.x-2.6.x - Authenticated Path Traversal via Kickstart Field
CVE-2014-3127
dpkg 1.15.9 - Directory Traversal via Crafted Source Package
CVE-2014-2933
Caldera 9.20 - Path Traversal via dirmng/index.php
CVE-2014-0130
HIGH
KEV
Ruby on Rails <3.2.18, <4.0.5, <4.1.1 - Path Traversal
CVSS 7.5
CVE-2014-1442
Core FTP Server 1.2 - Authenticated Path Traversal via XCRC Command
CVE-2014-0471
dpkg <1.15.9-1.17.8 - Path Traversal
CVE-2014-1843
Titan FTP Server <10.40.1829 - Path Traversal
CVE-2014-1842
Titan FTP Server <10.40.1829 - Path Traversal
CVE-2014-1841
Titan FTP Server <10.40.1829 - Path Traversal
CVE-2014-2846
WD Arkeia Virtual Appliance Firmware < 10.2.7 - Path Traversal and Remote Code Execution via Lang Cookie Parameter
CVE-2014-0780
CRITICAL
KEV
InduSoft Web Studio 7.1 - Path Traversal and Arbitrary Code Execution via NTWebServer
CVSS 9.8
CVE-2014-2976
Sixnet SixView Manager 2.4.1 - Unauthenticated Path Traversal via HTTP GET Request
CVE-2014-2732
Siemens SINEMA Server < 12.0 - Path Traversal via HTTP Traffic
CVE-2014-1974
LYSESOFT AndExplorer <20140403 - Path Traversal
CVE-2014-2858
Grails Resources Plugin 1.0.0-1.2.5 - Directory Traversal via Configured Block
CVE-2014-2864
CommonSpot Content Server < 7.0.1 and 8.x < 8.0.3 - Path Traversal via Filename Parameter
CVE-2014-2863
PaperThin CommonSpot < 7.0.1 and 8.x < 8.0.3 - Path Traversal via Full Pathname Parameter
CVE-2014-0358
Xangati XSR <11 - Xangati XNR <7 - Path Traversal