CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-25087 MEDIUM
RamseyK httpserver - Path Traversal
CVSS 5.3
CVE-2019-3556 HIGH
HHVM < 4.56.2, 4.57.0-4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0 - Arbitrary File Write via dump-pcre-cache Handler
CVSS 8.1
CVE-2019-9060 HIGH
CMS Made Simple 2.2.8 - Unauthenticated Path Traversal and Arbitrary File Read via CGExtensions Module
CVSS 7.5
CVE-2019-19877 MEDIUM
B&R Industrial Automation APROL < R4.2 - Path Traversal in AprolSqlServer
CVSS 5.3
CVE-2019-17640 CRITICAL
Eclipse Vert.x 3.4.0-3.9.4 - Path Traversal via StaticHandler on Windows
CVSS 9.8
CVE-2019-20916 HIGH
pip < 19.2 - Directory Traversal via Content-Disposition Header
CVSS 7.5
CVE-2019-4582 MEDIUM
IBM Maximo Asset Management <7.6.1 - Path Traversal
CVSS 4.3
CVE-2019-20851 CRITICAL
Mattermost Mobile Apps < 1.26.0 - Path Traversal and Arbitrary File Write via Video Preview Feature
CVSS 9.1
CVE-2019-16384 MEDIUM
Cybele Thinfinity VirtualUI <2.5.17.2 - Path Traversal
CVSS 6.5
CVE-2019-17572 MEDIUM
Apache RocketMQ 4.2.0-4.6.0 - Path Traversal via Automatic Topic Creation
CVSS 5.3
CVE-2019-18871 HIGH
Blaauw Remote Kiln Control <v3.00r4 - Path Traversal
CVSS 8.8
CVE-2019-18870 MEDIUM
Blaauw Remote Kiln Control <v3.00r4 - Path Traversal
CVSS 6.5
CVE-2019-19102 MEDIUM
B&R Automation Studio <4.2.x - Path Traversal
CVSS 5.5
CVE-2019-19486 MEDIUM
Centreon < 19.04.4 - Path Traversal via minPlayCommand.php Plugin Test
CVSS 6.5
CVE-2019-16064 CRITICAL
NETSAS Enigma NMS <65.0.0 - Path Traversal
CVSS 9.6
CVE-2019-13195 HIGH
Kyocera ECOSYS M5526cdw Firmware 2R7_2000.001.701 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2019-12182 CRITICAL
Safescan Timemoto & TA-8000 <1.0 - Path Traversal
CVSS 9.8
CVE-2019-19297 HIGH
SiNVR/SiVMS Video Server < V5.0.0 - Path Traversal
CVSS 7.5
CVE-2019-19296 MEDIUM
SiNVR/SiVMS Video Server < V5.0.0 - Path Traversal
CVSS 6.8
CVE-2019-19290 MEDIUM
Control Center Server < V1.5.0 - Path Traversal
CVSS 6.5
CVE-2019-3696 HIGH
pcp < 3.11.9-5.8.1 - Path Traversal and Arbitrary File Write
CVSS 8.4
CVE-2019-7007 HIGH
Avaya Equinox <R9.1.9.0 - Path Traversal
CVSS 7.5
CVE-2019-4674 MEDIUM
IBM Security Identity Manager <7.0.1 - Path Traversal
CVSS 4.9
CVE-2019-19893 HIGH
IXP EasyInstall 6.2.13723 - Unauthenticated Path Traversal via Engine Service
CVSS 7.5
CVE-2019-19834 HIGH
Ruckus Wireless Unleashed < 200.7.10.202.94 - Path Traversal via CLI Script Exec Parameter
CVSS 7.2