CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,287 vulnerabilities with CWE-22
CVE-2013-3921
Easy File Manager 1.1 - Path Traversal via Encoded Dot-Dot-Slash
CVE-2013-6000
Tattyan HP TOWN < 5_10_1 - Path Traversal via Dot-Dot Sequences
CVE-2013-3923
savysoda wifi_free_hd < 1.2 - Path Traversal via Encoded Dot-Dot-Slash in GET Request
CVE-2013-4524
Moodle <2.2.11, <2.3.10, <2.4.7, <2.5.3 - Path Traversal
CVE-2013-3922
FTP Drive + HTTP Server < 1.0.4 - Path Traversal via Encoded Dot-Dot-Slash
CVE-2013-6864
SAP Sybase ASE 15.0.3-15.0.3 ESD#4.3, 15.5-15.5 ESD#5.3, 15.7-15.7 SP50/SP100 - Path Traversal
CVE-2013-6177
EMC Document Sciences xPression 4.1 SP1-4.5 - Authenticated Path Traversal
CVE-2013-6827
PineApp Mail-SeCure - Path Traversal via admin/viewmsg.php msg Parameter
CVE-2013-6821
SAP NetWeaver - Path Traversal via Exportability Check Service
CVE-2013-6688
Cisco Unified Communications Manager < 9.1(1) - Authenticated Path Traversal and Arbitrary File Write via License Upload
CVE-2013-4510
Tryton 3.0.0 - Path Traversal and Arbitrary File Write via Report Extension
CVE-2013-6226
Ajaxplorer < 5.0.3 - Path Traversal
CVE-2013-5554
Cisco WAAS Mobile <3.5.5 - Path Traversal
CVE-2013-3626
Verastream Host Integrator 6.0-7.5 SP 1 HF 1 - Remote Code Execution via Session Server
CVE-2013-5688
AjaXplorer <= 5.0.2 - Authenticated Path Traversal and Arbitrary File Write via Null Byte in File Parameter
CVE-2013-6023
TVT DVR Firmware < 3.2.0.p-3520a-03 - Path Traversal via URI
CVE-2013-1084
Novell ZENworks CM <11.2.3 - Path Traversal
CVE-2013-6127
WellinTech KingView < 6.53 - Arbitrary File Write via SUPERGRIDLib.SuperGrid ReplaceDBFile Method
CVE-2013-5534
Cisco Unity Connection - Path Traversal
CVE-2013-4173
Xymon < 4.3.12 - Unauthenticated Arbitrary File Deletion via Trend-Data Daemon Host Name
CVE-2013-5528
Cisco Unified Communications Manager - Path Traversal
CVE-2013-3541
AirLive WL2600CAM - Path Traversal via fileread READ.filePath Parameter
CVE-2013-5979
Xibo 1.2.x < 1.2.3 and 1.4.x < 1.4.2 - Path Traversal via Index.php p Parameter
CVE-2013-5692
X2Engine X2CRM < 3.5 - Authenticated Path Traversal via Translation Manager File Parameter
CVE-2013-2068
Red Hat CloudForms Management Engine 2.0 - Path Traversal and Arbitrary File Write
Details
Vulnerabilities: 9,287
Exploit Likelihood: High