CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-22

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-3504 22 Dir. Trav. 2013-05-08 2013-05-08
5.5
 None Remote Low Single system None Partial Partial
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account.
2 CVE-2013-3240 22 Dir. Trav. 2013-04-25 2013-04-26
6.5
 None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
3 CVE-2013-2560 22 Dir. Trav. 2013-03-15 2013-03-20
7.8
 None Remote Low Not required Complete None None
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
4 CVE-2013-1627 22 Dir. Trav. 2013-03-11 2013-03-18
7.8
 None Remote Low Not required Complete None None
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
5 CVE-2013-1608 22 Dir. Trav. 2013-03-26 2013-03-26
6.7
 None Local Network Low Single system Complete Partial Partial
Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.
6 CVE-2013-1469 22 1 Dir. Trav. 2013-03-13 2013-03-19
4.0
 None Remote High Not required Partial None Partial
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
7 CVE-2013-1224 22 Dir. Trav. 2013-05-09 2013-05-09
7.1
 None Remote Medium Not required None Complete None
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
8 CVE-2013-1167 22 DoS Dir. Trav. 2013-04-11 2013-04-11
7.1
 None Remote Medium Not required None None Complete
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
9 CVE-2013-1156 22 Dir. Trav. 2013-05-01 2013-05-01
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
10 CVE-2013-1082 22 Dir. Trav. 2013-03-29 2013-03-29
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
11 CVE-2013-1081 22 Dir. Trav. 2013-03-11 2013-03-18
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
12 CVE-2013-1079 22 Dir. Trav. 2013-03-29 2013-04-02
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
13 CVE-2013-0911 22 Dir. Trav. 2013-03-05 2013-03-06
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
14 CVE-2013-0895 22 Dir. Trav. 2013-02-23 2013-04-10
7.5
 None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.
15 CVE-2013-0831 22 Dir. Trav. 2013-01-15 2013-02-07
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
16 CVE-2013-0705 22 Dir. Trav. 2013-02-15 2013-02-19
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors.
17 CVE-2013-0679 22 Dir. Trav. 2013-03-21 2013-03-22
4.0
 None Remote Low Single system Partial None None
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
18 CVE-2013-0673 22 Dir. Trav. 2013-05-01 2013-05-01
9.4
 None Remote Low Not required Complete None Complete
Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.
19 CVE-2013-0671 22 Dir. Trav. 2013-03-21 2013-03-22
4.0
 None Remote Low Single system Partial None None
Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.
20 CVE-2013-0653 22 Dir. Trav. 2013-01-27 2013-01-29
4.3
 None Remote Medium Not required Partial None None
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.
21 CVE-2013-0544 22 Dir. Trav. 2013-04-24 2013-04-24
5.5
 None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.
22 CVE-2013-0332 22 Dir. Trav. 2013-03-20 2013-03-21
5.0
 None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
23 CVE-2013-0262 22 Dir. Trav. 2013-02-08 2013-05-14
4.3
 None Remote Medium Not required Partial None None
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
24 CVE-2013-0141 22 Dir. Trav. 2013-05-01 2013-05-01
4.3
 None Local Network Medium Not required Partial Partial None
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.
25 CVE-2013-0084 22 Dir. Trav. Bypass 2013-03-12 2013-05-03
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
26 CVE-2012-6522 22 2 Dir. Trav. 2013-01-31 2013-01-31
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
27 CVE-2012-6500 22 1 Dir. Trav. 2013-01-11 2013-01-23
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
28 CVE-2012-6495 22 Exec Code Dir. Trav. 2013-01-02 2013-01-07
6.0
 None Remote Medium Single system Partial Partial Partial
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
29 CVE-2012-6324 22 Dir. Trav. 2012-12-21 2012-12-24
4.0
 None Remote Low Single system Partial None None
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
30 CVE-2012-6276 22 Dir. Trav. 2013-01-26 2013-01-28
4.3
 None Remote Medium Not required Partial None None
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.
31 CVE-2012-6080 22 Dir. Trav. 2013-01-02 2013-01-03
6.4
 None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
32 CVE-2012-6069 22 Dir. Trav. 2013-01-21 2013-01-23
10.0
 None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener service.
33 CVE-2012-6064 22 1 Dir. Trav. CSRF 2012-12-03 2012-12-04
3.5
 None Remote Medium Single system None Partial None
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.
34 CVE-2012-6038 22 1 Dir. Trav. 2012-11-26 2012-11-27
6.5
 None Remote Low Single system Partial Partial Partial
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
35 CVE-2012-5978 22 Dir. Trav. 2012-12-19 2013-03-11
5.0
 None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
36 CVE-2012-5972 22 Dir. Trav. 2013-01-17 2013-01-18
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
37 CVE-2012-5969 22 Dir. Trav. 2012-12-19 2012-12-19
4.8
 None Local Network Low Not required Partial Partial None
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi.
38 CVE-2012-5931 22 Dir. Trav. 2012-12-24 2013-01-08
5.5
 None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
39 CVE-2012-5907 22 1 Dir. Trav. 2012-11-17 2012-11-19
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
40 CVE-2012-5687 22 Dir. Trav. 2012-11-01 2012-11-02
7.8
 None Remote Low Not required Complete None None
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
41 CVE-2012-5386 22 Dir. Trav. 2012-10-11 2012-10-22
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
42 CVE-2012-5344 22 Dir. Trav. 2012-10-09 2013-01-30
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
43 CVE-2012-5335 22 1 Dir. Trav. 2012-10-08 2013-01-31
4.0
 None Remote Low Single system Partial None None
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
44 CVE-2012-5331 22 1 Dir. Trav. 2012-10-08 2013-01-31
6.8
 None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
45 CVE-2012-5185 22 Dir. Trav. 2013-01-19 2013-01-29
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.
46 CVE-2012-5171 22 Dir. Trav. 2012-11-08 2012-12-28
5.0
 None Remote Low Not required None Partial None
Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file.
47 CVE-2012-5100 22 Dir. Trav. 2012-09-23 2012-09-24
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
48 CVE-2012-5051 22 Dir. Trav. 2012-10-05 2013-02-02
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors.
49 CVE-2012-4997 22 1 Dir. Trav. 2012-09-19 2012-09-21
7.5
 None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
50 CVE-2012-4991 22 1 Dir. Trav. 2012-12-13 2012-12-13
8.5
 None Remote Low Single system Complete Complete None
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
Total number of vulnerabilities : 1433   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.