CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-22

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-5541 22 Dir. Trav. 2017-01-20 2017-01-26
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
2 CVE-2017-5480 22 Dir. Trav. 2017-01-15 2017-01-18
5.5
None Remote Low Single system Partial Partial None
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
3 CVE-2017-5182 22 Dir. Trav. 2017-01-23 2017-01-26
7.8
None Remote Low Not required Complete None None
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
4 CVE-2017-5143 22 Dir. Trav. 2017-02-13 2017-02-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
5 CVE-2016-1000112 22 Dir. Trav. 2016-10-06 2017-01-15
9.4
None Remote Low Not required Complete Complete None
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
6 CVE-2016-10184 22 Dir. Trav. 2017-01-29 2017-02-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
7 CVE-2016-10183 22 Dir. Trav. 2017-01-29 2017-02-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
8 CVE-2016-10106 22 Dir. Trav. 2017-01-03 2017-01-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.
9 CVE-2016-10039 22 Dir. Trav. File Inclusion 2016-12-24 2016-12-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
10 CVE-2016-10038 22 Dir. Trav. File Inclusion 2016-12-24 2016-12-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
11 CVE-2016-10037 22 Dir. Trav. File Inclusion 2016-12-24 2016-12-30
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
12 CVE-2016-9950 22 Dir. Trav. 2016-12-16 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
13 CVE-2016-9878 22 Dir. Trav. 2016-12-29 2017-01-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
14 CVE-2016-9351 22 Dir. Trav. 2017-02-13 2017-02-17
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
15 CVE-2016-9210 22 Dir. Trav. 2016-12-13 2017-01-04
5.0
None Remote Low Not required None None Partial
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).
16 CVE-2016-9208 22 Dir. Trav. 2016-12-13 2016-12-22
4.0
None Remote Low Single system Partial None None
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).
17 CVE-2016-9199 22 Dir. Trav. 2016-12-13 2016-12-22
6.8
None Remote Low Single system Complete None None
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0.
18 CVE-2016-9177 22 Dir. Trav. 2016-11-04 2016-11-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
19 CVE-2016-8933 22 Dir. Trav. 2017-02-01 2017-02-07
4.0
None Remote Low Single system Partial None None
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
20 CVE-2016-8913 22 Dir. Trav. 2017-02-01 2017-02-07
4.0
None Remote Low Single system Partial None None
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
21 CVE-2016-8827 22 Dir. Trav. 2016-12-16 2016-12-22
5.0
None Remote Low Not required Partial None None
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
22 CVE-2016-8343 22 Dir. Trav. 2016-10-05 2016-12-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
23 CVE-2016-8280 22 Dir. Trav. 2016-10-03 2016-10-04
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.
24 CVE-2016-8207 22 Dir. Trav. 2017-01-14 2017-02-10
5.0
None Remote Low Not required Partial None None
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.
25 CVE-2016-8206 22 Dir. Trav. 2017-01-14 2017-02-10
6.4
None Remote Low Not required None Partial Partial
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
26 CVE-2016-8205 22 Dir. Trav. 2017-01-14 2017-02-10
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
27 CVE-2016-8204 22 Dir. Trav. 2017-01-14 2017-02-10
10.0
None Remote Low Not required Complete Complete Complete
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
28 CVE-2016-7982 22 Dir. Trav. 2017-01-18 2017-01-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
29 CVE-2016-7569 22 Dir. Trav. 2017-01-27 2017-02-05
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.
30 CVE-2016-7169 22 Dir. Trav. 2017-01-04 2017-01-06
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
31 CVE-2016-7116 22 Dir. Trav. 2016-12-09 2016-12-12
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
32 CVE-2016-7087 22 Dir. Trav. +Info 2016-12-29 2017-01-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
33 CVE-2016-6896 22 DoS Dir. Trav. 2017-01-18 2017-01-20
5.5
None Remote Low Single system Partial None Partial
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
34 CVE-2016-6614 22 Dir. Trav. 2016-12-10 2016-12-14
4.3
None Remote Medium Not required Partial None None
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
35 CVE-2016-6601 22 Dir. Trav. 2017-01-23 2017-02-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
36 CVE-2016-6600 22 Dir. Trav. 2017-01-23 2017-02-07
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
37 CVE-2016-6517 22 Dir. Trav. 2017-01-23 2017-01-25
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
38 CVE-2016-6371 22 Dir. Trav. 2016-09-12 2016-12-12
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.
39 CVE-2016-6370 22 Dir. Trav. 2016-09-12 2016-12-12
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
40 CVE-2016-6321 22 Dir. Trav. Bypass 2016-12-09 2017-01-06
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
41 CVE-2016-6269 22 Dir. Trav. 2017-01-30 2017-02-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
42 CVE-2016-6232 22 Dir. Trav. 2016-08-02 2016-11-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
43 CVE-2016-6138 22 Dir. Trav. 2016-08-05 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
44 CVE-2016-6126 22 Dir. Trav. 2017-02-01 2017-02-07
4.0
None Remote Low Single system Partial None None
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
45 CVE-2016-6038 22 Dir. Trav. 2016-09-26 2016-11-28
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
46 CVE-2016-6023 22 Dir. Trav. 2016-10-06 2016-11-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
47 CVE-2016-5970 22 Dir. Trav. 2016-09-26 2016-11-28
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
48 CVE-2016-5941 22 Dir. Trav. 2017-02-01 2017-02-05
3.5
None Remote Medium Single system Partial None None
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
49 CVE-2016-5765 22 Dir. Trav. 2016-11-29 2016-12-23
4.3
None Remote Medium Not required Partial None None
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.
50 CVE-2016-5725 22 Dir. Trav. 2017-01-19 2017-01-20
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Total number of vulnerabilities : 1947   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.