CWE-73
High likelihood
External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
450 vulnerabilities with CWE-73
CVE-2020-2504
MEDIUM
QNAP QES < 2.1.1 - Path Traversal in File Station
CVSS 5.8
CVE-2020-26078
MEDIUM
Cisco IoT FND - Privilege Escalation
CVSS 6.5
CVE-2020-15264
HIGH
Boxstarter <2.13.0 - Code Injection
CVSS 8.0
CVE-2020-6105
HIGH
f2fs-tools < 1.14.0 - Remote Code Execution via Malicious Filesystem
CVSS 7.8
CVE-2020-8553
MEDIUM
Kubernetes ingress-nginx <0.28.0 - Privilege Escalation
CVSS 5.9
CVE-2020-5297
LOW
OctoberCMS 1.0.319-1.0.465 - Authenticated Arbitrary File Upload via Asset Manager
CVSS 3.4
CVE-2020-5296
MEDIUM
OctoberCMS <1.0.466 - Privilege Escalation
CVSS 6.2
CVE-2020-2009
HIGH
Palo Alto Networks PAN-OS <8.1.14, <9.0.7 - Remote Code Execution
CVSS 7.2
CVE-2020-2008
HIGH
PAN-OS 7.1.0-7.1.25 and 8.0 - Authenticated OS Command Injection and Arbitrary File Deletion
CVSS 7.2
CVE-2020-2003
MEDIUM
PAN-OS 7.1.0-7.1.25 - Authenticated Arbitrary File Deletion via Command Processing
CVSS 6.5
CVE-2020-1631
HIGH
KEV
Juniper Junos - Unauthenticated Path Traversal and Command Injection via HTTP/HTTPS Service
CVSS 8.8
CVE-2020-1984
HIGH
Secdo - Privilege Escalation via Hardcoded Script Path
CVSS 7.8
CVE-2020-9752
CRITICAL
Naver Cloud Explorer <2.2.2.11 - Privilege Escalation
CVSS 9.8
CVE-2019-25618
MEDIUM
AdminExpress 1.2.5 Denial of Service via System Compare
CVSS 6.2
CVE-2019-25472
HIGH
IntelBras TIP200/TIP200 LITE - Info Disclosure
CVSS 7.5
CVE-2019-3681
HIGH
osc <0.169.1-3.20.1 - Path Traversal
CVSS 7.5
CVE-2019-14905
MEDIUM
Ansible Engine < 2.7.16 - OS Command Injection via nxos_file_copy Module
CVSS 5.6
CVE-2018-19945
CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-17246
CRITICAL
Kibana <6.4.3, 5.6.13 - Code Injection
CVSS 9.8
CVE-2018-14820
HIGH
Advantech WebAccess <8.3.1 - Path Traversal
CVSS 7.5
CVE-2018-7495
HIGH
Advantech WebAccess <8.3.1 - File Name/Path Vuln
CVSS 7.5
CVE-2014-125059
MEDIUM
sternenseemann sternenblog <0.1.0 - Path Traversal
CVSS 5.0
CVE-2014-125044
MEDIUM
soshtolsus wing-tight <1.0.0 - File Inclusion
CVSS 6.3
CVE-2014-2375
Ecava IntegraXor SCADA Server <4.1.4360-4.1.4392 - Info Disclosure
CVE-2011-10030
HIGH
Foxit PDF Reader < 4.3.1.0218 - Code Injection
Details
Vulnerabilities: 450
Exploit Likelihood: High