CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,280 vulnerabilities with CWE-22
CVE-2017-1279 MEDIUM
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 - Path Traversal via URL Request
CVSS 6.5
CVE-2017-16610 CRITICAL
NetGain Enterprise Manager < 7.2.766 - Unauthenticated Path Traversal and Arbitrary File Write via upload_save_do.jsp
CVSS 9.8
CVE-2017-16606 HIGH
NetGain Systems Enterprise Manager <7.2.730 - RCE
CVSS 8.8
CVE-2017-16605 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16604 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16603 HIGH
NetGain Systems Enterprise Manager <7.2.730 - RCE
CVSS 8.8
CVE-2017-16601 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - RCE
CVSS 6.5
CVE-2017-16600 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16599 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16598 HIGH
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 8.8
CVE-2017-16597 CRITICAL
NetGain Systems Enterprise Manager 7.2.730 build 1034 - RCE
CVSS 9.8
CVE-2017-16596 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - Info Disclosure
CVSS 6.5
CVE-2017-16595 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - Info Disclosure
CVSS 6.5
CVE-2017-16593 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-16592 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 - Info Disclosure
CVSS 6.5
CVE-2017-16591 MEDIUM
NetGain Systems Enterprise Manager <7.2.699 - Info Disclosure
CVSS 6.5
CVE-2017-10273 MEDIUM
Oracle JDeveloper 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0 - Authenticated Path Traversal
CVSS 4.7
CVE-2017-17662 HIGH
Yawcam 0.2.6-0.6.0 - Path Traversal via Dot-Slash Sequence Manipulation
CVSS 7.5
CVE-2017-1671 HIGH
IBM Tivoli Key Lifecycle Manager <2.8 - Path Traversal
CVSS 7.5
CVE-2017-15550 HIGH
EMC Avamar Server 7.1.x-7.5.0 - Authenticated Path Traversal
CVSS 8.8
CVE-2017-16720 CRITICAL
Advantech WebAccess <= 8.3.2 - Path Traversal
CVSS 9.8
CVE-2017-1000472 MEDIUM
POCO C++ Libraries <1.8 - Path Traversal
CVSS 6.5
CVE-2017-1000490 MEDIUM
Mautic 1.0.0-2.11.0 - Authenticated Path Traversal via Filemanager
CVSS 6.5
CVE-2017-1000501 CRITICAL
AWStats < 7.6.0 - Unauthenticated Path Traversal and Remote Code Execution via Config and Migrate Parameters
CVSS 9.8
CVE-2017-1000448 HIGH
Structured Data Linter <2.4.1 - Info Disclosure
CVSS 7.5