CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,271 vulnerabilities with CWE-22
CVE-2018-14056 MEDIUM
ZNC < 1.7.1-rc1 - Path Traversal via Web Skin Name
CVSS 5.3
CVE-2018-1000208 HIGH
MODX Revolution <=2.6.4 - Path Traversal
CVSS 7.5
CVE-2018-14036 MEDIUM
AccountsService <0.6.50 - Path Traversal
CVSS 6.5
CVE-2018-1000623 HIGH
JFrog Artifactory <6.0.3 - Path Traversal
CVSS 7.2
CVE-2018-13034 MEDIUM
Jester 0.2.0 - Path Traversal via Dot-Dot-Slash Encoding Bypass
CVSS 5.3
CVE-2018-6830 HIGH
Foscam Cameras - Path Traversal and Arbitrary File Deletion via URI Path Component
CVSS 7.5
CVE-2018-11543 HIGH
Sonus SBC 1000/2000/SWe Lite - Local File Inclusion via Web Interface
CVSS 7.5
CVE-2018-12976 CRITICAL
Go Doc Dot Org < 2018-06-27 - Remote Code Execution via Crafted Go-Import Tags
CVSS 9.8
CVE-2018-3766 HIGH
buttle <= 0.2.0 - Path Traversal
CVSS 7.5
CVE-2018-11051 HIGH
RSA Certificate Manager 6.9 build 560-564 - Unauthenticated Path Traversal in CMP and REST Enroll Servers
CVSS 7.5
CVE-2018-7771 HIGH
Schneider Electric U.motion Builder <1.3.4 - Path Traversal
CVSS 8.0
CVE-2018-7770 MEDIUM
Schneider Electric U.motion Builder <1.3.4 - File Upload
CVSS 6.5
CVE-2018-7764 MEDIUM
Schneider Electric U.motion Builder <1.3.4 - Path Traversal
CVSS 4.3
CVE-2018-7763 MEDIUM
Schneider Electric U.motion Builder <1.3.4 - Path Traversal
CVSS 4.3
CVE-2018-10860 MEDIUM
Canonical Ubuntu Linux - Path Traversal
CVSS 5.4
CVE-2018-12909 HIGH
webgrind 1.5 - Unauthenticated Path Traversal via index.php file Parameter
CVSS 7.5
CVE-2018-12895 HIGH
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion via Post Thumbnail Parameter
CVSS 8.8
CVE-2018-3760 HIGH
Redhat Cloudforms < 2.12.4 - Information Disclosure
CVSS 7.5
CVE-2018-4861 MEDIUM
SCALANCE M875 - Authenticated Path Traversal via Web Interface
CVSS 4.9
CVE-2018-1000550 CRITICAL
Sympa Community Sympa <6.2.32 - Path Traversal
CVSS 9.8
CVE-2018-1000532 MEDIUM
beep 1.3 and up - Denial of Service via Device Option Path Traversal
CVSS 4.7
CVE-2018-10956 HIGH
IPConfigure Orchid Core VMS 2.0.5 - Path Traversal
CVSS 7.5
CVE-2018-12631 HIGH
Redatam < 7 - Unauthenticated Path Traversal via LFN Parameter
CVSS 7.5
CVE-2018-0300 HIGH
Cisco FXOS - Authenticated Path Traversal and Arbitrary File Write via Application Image Upload
CVSS 7.2
CVE-2018-8727 HIGH
Mirasys DVMS Workstation <5.12.6 - Path Traversal
CVSS 7.5
Details
Vulnerabilities 9,271
Exploit Likelihood High