Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-35

CWE-35

Path Traversal: '.../...//'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

169 vulnerabilities with CWE-35

CVE-2023-21417 HIGH

AXIS OS Path Traversal via VAPIX API manageoverlayimage.cgi

CVE-2023-21416 HIGH

AXIS OS < 11.7.57 and AXIS OS 2022 < 10.12.213 - Authenticated Denial of Service via VAPIX API dynamicoverlay.cgi

CVE-2023-21415 MEDIUM

AXIS OS - Authenticated Path Traversal and Arbitrary File Deletion via VAPIX API overlay_del.cgi

CVE-2023-39916 CRITICAL

Routinator 0.9.0-0.12.1 and 0.14.0-0.14.2 - Path Traversal in RRDP Response Storage

CVE-2023-32714 HIGH

Splunk App for Lookup File Editing < 4.0.1 - Path Traversal and Arbitrary File Write

CVE-2022-48476 HIGH

JetBrains Ktor < 2.3.0 - Path Traversal via resolveResource Method

CVE-2022-3693 HIGH

FileOrbis File Management System < 10.6.3 - Path Traversal

CVE-2022-36928 MEDIUM

Zoom for Android < 5.13.0 - Path Traversal and Arbitrary File Write via Application Data Directory

CVE-2022-46826 MEDIUM

JetBrains IntelliJ IDEA <2022.3 - Path Traversal

CVE-2022-2265 HIGH

Identity and Directory Management System < 2.1.25 - Unauthenticated Path Traversal

CVE-2022-24774 HIGH

CycloneDX BOM Repository Server < 2.0.1 - Path Traversal and Denial of Service via Directory Manipulation

CVE-2021-1132 MEDIUM

Cisco Network Services Orchestrator - Unauthenticated Path Traversal via HTTP Request

CVE-2021-1364 MEDIUM

Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection

CVE-2021-1357 MEDIUM

Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection

CVE-2021-1355 MEDIUM

Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection

CVE-2021-1282 MEDIUM

Cisco Unified Communications Manager and IM & Presence Service < 11.5(1)su9 - Path Traversal and SQL Injection

CVE-2020-26073 HIGH

Cisco Catalyst SD-WAN Manager - Unauthenticated Path Traversal via API Requests

CVE-2020-27130 CRITICAL

Cisco Security Manager - Info Disclosure

CVE-2018-3744 CRITICAL

html-pages - Path Traversal via cURL

Previous Page 7 of 7

Details

Vulnerabilities 169

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy