CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-22

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-4004 22 Dir. Trav. 2016-04-12 2016-04-18
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
2 CVE-2016-3976 22 Dir. Trav. 2016-04-07 2016-04-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to CrashFileDownloadServlet, aka SAP Security Note 2234971.
3 CVE-2016-3972 22 Dir. Trav. 2016-04-18 2016-04-19
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
4 CVE-2016-2389 22 Dir. Trav. 2016-02-16 2016-03-03
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the Manufacturing Integration and Intelligence (xMII) component in SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2230978.
5 CVE-2016-2289 22 Dir. Trav. 2016-04-01 2016-04-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
6 CVE-2016-2097 22 Dir. Trav. 2016-04-07 2016-04-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
7 CVE-2016-1593 22 Dir. Trav. 2016-04-22 2016-04-28
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
8 CVE-2016-1525 22 Dir. Trav. 2016-02-12 2016-03-10
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
9 CVE-2016-1231 22 Dir. Trav. 2016-01-12 2016-01-21
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
10 CVE-2016-1145 22 Dir. Trav. 2016-01-30 2016-03-10
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
11 CVE-2016-0855 22 Dir. Trav. 2016-01-14 2016-01-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
12 CVE-2016-0784 22 Dir. Trav. 2016-04-11 2016-04-14
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
13 CVE-2016-0752 22 Dir. Trav. 2016-02-15 2016-03-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
14 CVE-2016-0709 22 Exec Code Dir. Trav. 2016-04-11 2016-04-20
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
15 CVE-2015-8794 22 Dir. Trav. 2016-01-29 2016-02-25
4.0
None Remote Low Single system Partial None None
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
16 CVE-2015-8770 22 Exec Code Dir. Trav. 2016-01-29 2016-02-23
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
17 CVE-2015-8565 22 Dir. Trav. 2015-12-16 2015-12-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
18 CVE-2015-8564 22 Dir. Trav. 2015-12-16 2015-12-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
19 CVE-2015-8358 22 Dir. Trav. 2015-12-16 2015-12-17
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
20 CVE-2015-8357 22 DoS Dir. Trav. +Info 2015-12-16 2015-12-17
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
21 CVE-2015-8228 22 Dir. Trav. 2015-11-24 2015-11-25
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.
22 CVE-2015-7907 22 Dir. Trav. Bypass 2015-12-21 2015-12-22
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
23 CVE-2015-7815 22 Dir. Trav. 2015-11-16 2015-11-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
24 CVE-2015-7603 22 Dir. Trav. 2015-09-29 2015-09-30
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
25 CVE-2015-7602 22 Dir. Trav. 2015-09-29 2015-10-13
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
26 CVE-2015-7601 22 Dir. Trav. 2015-09-29 2015-09-30
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
27 CVE-2015-7372 22 Dir. Trav. 2015-10-14 2015-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
28 CVE-2015-7254 22 Dir. Trav. 2015-11-06 2015-11-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
29 CVE-2015-7250 22 Dir. Trav. 2015-12-30 2015-12-30
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
30 CVE-2015-7237 22 Dir. Trav. +Info 2015-09-18 2015-09-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
31 CVE-2015-7037 22 Dir. Trav. 2015-12-11 2015-12-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
32 CVE-2015-7006 22 Exec Code Dir. Trav. 2015-10-23 2015-10-26
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
33 CVE-2015-6914 22 Dir. Trav. 2015-09-11 2015-09-14
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.
34 CVE-2015-6833 22 Dir. Trav. 2016-01-19 2016-01-22
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
35 CVE-2015-6500 22 DoS Dir. Trav. 2015-10-26 2015-10-28
7.5
None Remote Low Single system Partial None Complete
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
36 CVE-2015-6459 22 Dir. Trav. 2015-09-18 2015-09-23
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
37 CVE-2015-6406 22 Dir. Trav. 2015-12-12 2015-12-14
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
38 CVE-2015-5766 22 Dir. Trav. 2015-08-16 2015-08-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
39 CVE-2015-5688 22 Dir. Trav. 2015-09-04 2015-09-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
40 CVE-2015-5650 22 Dir. Trav. 2015-10-05 2015-10-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.
41 CVE-2015-5638 22 Dir. Trav. 2015-09-20 2015-09-23
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
42 CVE-2015-5531 22 Dir. Trav. 2015-08-17 2015-08-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
43 CVE-2015-5482 22 Dir. Trav. 2015-08-18 2015-08-19
4.0
None Remote Low Single system None None Partial
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
44 CVE-2015-5472 22 Dir. Trav. 2015-09-15 2015-09-16
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
45 CVE-2015-5471 22 Dir. Trav. 2016-01-12 2016-01-20
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
46 CVE-2015-5353 22 Dir. Trav. 2015-07-01 2015-07-02
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
47 CVE-2015-5345 22 Dir. Trav. 2016-02-24 2016-04-25
5.0
None Remote Low Not required Partial None None
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
48 CVE-2015-5322 22 Dir. Trav. 2015-11-25 2016-04-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in CloudBees Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
49 CVE-2015-5313 22 Dir. Trav. 2016-04-11 2016-04-20
1.9
None Local Medium Not required None Partial None
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
50 CVE-2015-5305 22 Dir. Trav. 2015-11-06 2015-11-09
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Total number of vulnerabilities: 1857 (page 1 of 38)