CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-10767 HIGH
iobroker.js-controller < 2.0.25 - Path Traversal via Adapter File Request
CVSS 7.5
CVE-2019-16540 MEDIUM
Jenkins Support Core Plugin <2.63 - Path Traversal
CVSS 6.5
CVE-2019-10765 CRITICAL
iobroker.admin < 3.6.12 - Path Traversal
CVSS 9.8
CVE-2019-3423 MEDIUM
ZTE C520V21 Firmware < 2.1.14 - Path Traversal via URL
CVSS 5.3
CVE-2019-18978 MEDIUM
Rack CORS Middleware <1.0.4 - Path Traversal
CVSS 5.3
CVE-2019-3662 MEDIUM
McAfee Advanced Threat Defense < 4.8 - Authenticated Path Traversal via HTTP Request
CVSS 6.5
CVE-2019-18951 HIGH
SibSoft Xfilesharing <2.5.1 - Path Traversal
CVSS 7.5
CVE-2019-18924 MEDIUM
Systematic IRIS WebForms 5.4 - Path Traversal
CVSS 5.3
CVE-2019-17327 HIGH
JEUS 7 Fix#0-5 and JEUS 8 Fix#0-1 - Path Traversal and Remote Code Execution via Installation File Upload
CVSS 7.2
CVE-2019-16876 HIGH
Portainer < 1.22.1 - Path Traversal
CVSS 7.5
CVE-2019-15004 HIGH
Atlassian Jira Service Desk Path Traversal via Customer Context Filter
CVSS 7.5
CVE-2019-15003 MEDIUM
Atlassian Jira Service Desk < 3.9.17 - Path Traversal
CVSS 5.3
CVE-2019-10218 MEDIUM
Samba <4.11.2, 4.10.10, 4.9.15 - Path Traversal
CVSS 6.5
CVE-2019-18665 HIGH
SECUDOS DOMOS <5.6 - Local File Inclusion
CVSS 7.5
CVE-2019-13551 CRITICAL
Advantech WISE-PaaS/RMM <3.3.29 - Path Traversal
CVSS 9.8
CVE-2019-17324 MEDIUM
ClipSoft REXPERT < 1.0.0.527 - Path Traversal via HTTP POST Request
CVSS 6.5
CVE-2019-17322 MEDIUM
ClipSoft REXPERT < 1.0.0.527 - Path Traversal and Arbitrary File Write via POST Request
CVSS 6.5
CVE-2019-3976 HIGH
MikroTik RouterOS < 6.44.5 and < 6.45.6 - Authenticated Directory Traversal via Upgrade Package Name Field
CVSS 8.8
CVE-2019-10743 MEDIUM
archiver 3.0.0-3.3.1 - Path Traversal via Zip Slip in Unarchive Functions
CVSS 5.5
CVE-2019-18189 CRITICAL
Trend Micro Apex One/OfficeScan/Worry-Free Business Security - Path Traversal & Auth Bypass
CVSS 9.8
CVE-2019-18187 HIGH KEV
Trend Micro OfficeScan 11.0/XG 12.0 Path Traversal & RCE via Zip Extraction
CVSS 7.5
CVE-2019-14450 CRITICAL
Repetier-Server <0.91 - Path Traversal
CVSS 9.8
CVE-2019-17224 MEDIUM
Compal CH7465LG Firmware CH7465LG-NCIP-6.12.18.25-2p6-NOSH - Path Traversal via %2f Encoding
CVSS 5.3
CVE-2019-4400 MEDIUM
IBM Cloud Orchestrator <2.4.0.5, <2.5.0.9 - Path Traversal
CVSS 4.3
CVE-2019-18393 MEDIUM
Openfire < 4.4.2 - Path Traversal via PluginServlet.java
CVSS 5.3