CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,280 vulnerabilities with CWE-22
CVE-2017-16153 HIGH
gaoxuyan - Path Traversal via URL Parameter
CVSS 7.5
CVE-2017-9664 CRITICAL
ABB SREA-01 <3.31.5 & SREA-50 <3.32.8 - Info Disclosure
CVSS 9.8
CVE-2017-2594 MEDIUM
hawtio < 1.5.0 - Path Traversal and Information Disclosure via NullPointerException
CVSS 5.4
CVE-2017-18263 HIGH
Seagate Personal Cloud Firmware < 4.3.18.4 - Path Traversal via getPhotoPlaylistPhotos.psp URL Parameter
CVSS 7.5
CVE-2017-1723 MEDIUM
IBM QRadar Security Information and Event Manager 7.2-7.3 - Path Traversal via URL Request
CVSS 6.5
CVE-2017-6020 MEDIUM
LAquis SCADA < 4.1.0.3237 - Path Traversal
CVSS 5.3
CVE-2017-12815 CRITICAL
Bomgar Remote Support Portal JavaStart.jar < 52790 - Path Traversal and Arbitrary File Manipulation via Malicious Applet
CVSS 10.0
CVE-2017-0918 HIGH
GitLab CE <10.3 - Path Traversal, RCE
CVSS 8.8
CVE-2017-14384 MEDIUM
Dell Storage Manager <16.3.20 - Path Traversal
CVSS 6.5
CVE-2017-17223 HIGH
Huawei eSpace 7910 7950 8950 Firmware - Authenticated Path Traversal
CVSS 8.8
CVE-2017-16922 MEDIUM
Wowza Streaming Engine <4.7.1 - Path Traversal
CVSS 5.3
CVE-2017-9270 HIGH
cryptctl <2.0 - Privilege Escalation
CVSS 8.7
CVE-2017-14804 CRITICAL
Build Package <20171128 - Path Traversal
CVSS 9.9
CVE-2017-9447 HIGH
Parallels RAS 15.5 Build 16140 - Path Traversal
CVSS 7.5
CVE-2017-16814 MEDIUM
Foxit MobilePDF <6.1 - Path Traversal
CVSS 5.5
CVE-2017-18196 LOW
leptonica 1.74.4 - Path Traversal via /tmp Subdirectory
CVSS 3.3
CVE-2017-15712 MEDIUM
Apache Oozie 3.1.3-4.3.0 and 5.0.0-beta1 - Path Traversal via Workflow XML File
CVSS 6.5
CVE-2017-14537 MEDIUM
Trixbox 2.8.0 - Path Traversal
CVSS 6.5
CVE-2017-8961 HIGH
HPE IMC PLAT 7.3 E0504P02 - Path Traversal
CVSS 8.8
CVE-2017-8947 CRITICAL
HPE UCMDB 10.10-10.31 - Remote Code Execution
CVSS 9.8
CVE-2017-12560 MEDIUM
HPE Intelligent Management Center PLAT 7.3 E0504P2 - Remote Denial of Service
CVSS 6.5
CVE-2017-12559 MEDIUM
HPE Intelligent Management Center PLAT 7.3 E0504P2 - Remote Denial of Service
CVSS 6.5
CVE-2017-17108 CRITICAL
KonaKart eCommerce <8.7 - Path Traversal
CVSS 9.8
CVE-2017-18038 MEDIUM
Atlassian Bitbucket < 5.6.0 - Path Traversal via Default Branch Name
CVSS 5.3
CVE-2017-18037 MEDIUM
Atlassian Bitbucket Path Traversal via Git Tag Name
CVSS 6.5