Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,222 vulnerabilities with CWE-22

CVE-2021-22685 MEDIUM

Cassia Networks Access Controller <2.0.1 - Info Disclosure

CVE-2021-20030 HIGH

SonicWall Global Management System < 9.3.2 - Unauthenticated Path Traversal

CVE-2021-33354 HIGH

htmly < 2.8.1 - Path Traversal and Arbitrary File Deletion via File Parameter

CVE-2021-3856 MEDIUM

Keycloak < 15.1.0 - Unauthenticated Arbitrary File Read via Theme Resource Path Traversal

CVE-2021-3688 MEDIUM

Red Hat JBoss Core Services HTTP Server - Path Traversal via Dot-Dot-Semicolon Bypass

CVE-2021-40285 HIGH

htmly 2.8.1 - Arbitrary File Deletion via Backup View Component

CVE-2021-42052 HIGH

IPESA e-Flow 3.3.6 - Path Traversal via R Query Parameter

CVE-2021-27798 MEDIUM

Brocade Fabric OS <7.4.1b,7.3.1d - Privilege Escalation

CVE-2021-22650 HIGH

Ovarro TWinSoft < 12.4 - Path Traversal and Remote Code Execution via Malicious TPG File

CVE-2021-46830 MEDIUM

GoAnywhere MFT <6.8.3 - Path Traversal

CVE-2021-41031 HIGH

FortiClient for Windows <7.0.2-6.4.6-6.2.9 - Path Traversal

CVE-2021-41636 MEDIUM

MELAG FTP Server 2.2.0.4 - Path Traversal via CWD Command

CVE-2021-33036 HIGH

Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation

CVE-2021-42811 LOW

SafeNet KeySecure < 8.12.4 - Authenticated Arbitrary File Read via Path Traversal

CVE-2021-40668 HIGH

HTTP File Server 1.4.1 - Path Traversal

CVE-2021-32964 MEDIUM

AGG Software Web Server <4.0.40.1014 - Path Traversal

CVE-2021-42643 HIGH

cmseasy 7.7.5_20211012 - Arbitrary File Write and Remote Code Execution

CVE-2021-33005 HIGH

mySCADA myPRO <8.20.0 - File Upload

CVE-2021-27771 HIGH

HCL Sametime - Path Traversal and Arbitrary File Upload via User SID Manipulation

CVE-2021-38693 MEDIUM

QNAP QTS < 4.5.4.1991 and QuTS hero < h5.0.0.1949 and QuTScloud < c5.0.1.1949 - Path Traversal

CVE-2021-42183 HIGH

MasaCMS 7.2.1 - Path Traversal via /index.cfm/_api/asset/image/

CVE-2021-45783 MEDIUM

Bookeen Notea Firmware BK_R_1.0.5_20210608 - Path Traversal

CVE-2021-43930 MEDIUM

Elcomplus SmartPTT - Path Traversal

CVE-2021-46421 HIGH

Franklin Fueling Systems FFS T5 Series 1.8.7.7299 - Path Traversal

CVE-2021-46420 HIGH

Franklin Fueling Systems FFS TS-550 evo <2.23.4.8936 - Path Traversal

Previous Page 190 of 369 Next

Details

Vulnerabilities 9,222

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy