CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-4252 HIGH
IBM Rational Collaborative Lifecycle Management 6.0-6.0.6.1 - Path Traversal via URL Request
CVSS 7.5
CVE-2019-1621 HIGH
Cisco Data Center Network Manager - Unauthenticated Path Traversal via Web Interface URL Request
CVSS 7.5
CVE-2019-1620 CRITICAL
Cisco Data Center Network Manager - Unauthenticated Arbitrary File Write and Remote Code Execution
CVSS 9.8
CVE-2019-10720 HIGH
BlogEngine.NET < 3.3.7.0 - Directory Traversal and Remote Code Execution via Theme Cookie
CVSS 8.8
CVE-2019-10719 HIGH
BlogEngine.NET < 3.3.7.0 - Directory Traversal and Remote Code Execution via Upload API
CVSS 8.8
CVE-2019-12901 HIGH
Pydio Cells < 1.5.0 - Path Traversal and Arbitrary File Write via Directory Traversal
CVSS 8.8
CVE-2019-3737 HIGH
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 - Local File Inclusion via Specially Crafted Request
CVSS 7.5
CVE-2019-4384 MEDIUM
IBM Campaign <10.1 - Path Traversal
CVSS 4.3
CVE-2019-10257 HIGH
Zucchetti HR Portal < 2019-03-15 - Unauthenticated Path Traversal via Dot-Dot-Slash Notation
CVSS 7.5
CVE-2019-7315 HIGH
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera <3.x ...
CVSS 7.5
CVE-2019-12146 CRITICAL
WS_FTP Server <8.6.1 - Path Traversal
CVSS 9.1
CVE-2019-12145 HIGH
Progress Ipswitch WS_FTP Server <8.6.1 - Path Traversal
CVSS 7.5
CVE-2019-12144 CRITICAL
WS_FTP Server <8.6.1 - Path Traversal, RCE
CVSS 9.8
CVE-2019-12143 MEDIUM
Progress Ipswitch WS_FTP Server <8.6.1 - Path Traversal
CVSS 5.3
CVE-2019-12477 MEDIUM
Supra Smart Cloud TV Remote File Inclusion
CVSS 5.5
CVE-2019-8320 HIGH
RubyGems 2.7.6-3.0.2 - Path Traversal via Symlink Deletion
CVSS 7.4
CVE-2019-9157 MEDIUM
Gemalto DS3 Authentication Server < 3.1.0 - Local File Disclosure via Path Traversal
CVSS 5.7
CVE-2019-8385 CRITICAL
Thomson Reuters Concourse Matter Room < 2.13.0098 - Path Traversal
CVSS 9.8
CVE-2019-12276 HIGH
GrandNode 4.40 - Unauthenticated Path Traversal via LetsEncrypt Controller
CVSS 7.5
CVE-2019-9642 CRITICAL
Pydio < 8.2.2 - Unauthenticated Remote Code Execution via Proxy PHP File Inclusion
CVSS 9.8
CVE-2019-5356 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2019-10009 MEDIUM
Titan FTP Server 2019 Build 3505 - Path Traversal
CVSS 6.5
CVE-2019-12169 HIGH
ATutor 2.2.1-2.2.4 - Path Traversal and Arbitrary File Upload via Language Import ZIP Archive
CVSS 8.8
CVE-2019-6754 HIGH
Foxit Reader < 9.4.1.16828 and PhantomPDF < 8.3.9.41099 - Remote Code Execution via Path Traversal in localFileStorage
CVSS 7.8
CVE-2019-12310 CRITICAL
ExaGrid <4.8.1.1044.P50 - Path Traversal
CVSS 9.8