CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,283 vulnerabilities are assigned CWE-22; a selection is listed below (CVE, severity, CVSS score, title):
CVE-2017-8033 (HIGH, CVSS 7.8): Cloud Foundry CAPI-release < 1.35.0 & cf-release < 268 - Path Traversal & Arbitrary File Write
CVE-2017-11589 (CRITICAL, CVSS 9.8): Cisco DDR2200/2201 - Info Disclosure
CVE-2017-11587 (HIGH, CVSS 7.5): Cisco DDR2200/2201 - Path Traversal
CVE-2017-10993 (HIGH, CVSS 8.8): Contao < 3.5.28 and 4.x < 4.4.1 - Remote Code Execution via Directory Traversal
CVE-2017-11500 (HIGH, CVSS 7.5): MetInfo 5.3.17 - Path Traversal and Arbitrary File Deletion via filenames Parameter
CVE-2017-11469 (HIGH, CVSS 7.5): IDERA Uptime Monitor 7.8 - Path Traversal
CVE-2017-11456 (HIGH, CVSS 7.5): Geneko GWR Router Firmware - Unauthenticated Path Traversal via /../ Substring
CVE-2017-11440 (MEDIUM, CVSS 4.9): Sitecore CMS 8.2 - Path Traversal via IDE.aspx fi Parameter
CVE-2017-10708 (HIGH, CVSS 7.8): Apport < 2.20.6 - Remote Code Execution via Path Traversal in ExecutablePath Field
CVE-2017-2240 (MEDIUM, CVSS 6.5): Hammock AssetView for MacOS <= 9.2.0 - Path Traversal via File Transfer Web Service
CVE-2017-11348 (MEDIUM, CVSS 5.7): Octopus Deploy 3.x < 3.15.4 - Authenticated Path Traversal via NuGet PackageId
CVE-2017-1000062 (HIGH, CVSS 7.5): kittoframework kitto < 0.5.1 - Path Traversal/RCE
CVE-2017-1000047 (CRITICAL, CVSS 9.8): rbenv - Directory Traversal and Arbitrary Code Execution via Ruby Version Specification
CVE-2017-1000028 (HIGH, CVSS 7.5): Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
CVE-2017-1000026 (HIGH, CVSS 7.5): Chef Software's mixlib-archive < 0.3.0 - Path Traversal
CVE-2017-1000002 (CRITICAL, CVSS 9.8): ATutor <= 2.2.1 - Path Traversal and Code Execution via Course Component
CVE-2017-8003 (MEDIUM, CVSS 4.9): EMC Data Protection Advisor < 6.4 - Authenticated Path Traversal
CVE-2017-2245 (MEDIUM, CVSS 5.0): Shortcodes Ultimate < 4.10.0 - Path Traversal
CVE-2017-10974 (HIGH, CVSS 7.5): Yaws 1.91 - Unauthenticated Path Traversal via HTTP Directory Traversal with /%5C../
CVE-2017-6704 (MEDIUM, CVSS 6.5): Cisco Prime Collaboration Provisioning Tool - Authenticated Arbitrary File Download via Path Traversal
CVE-2017-9846 (HIGH, CVSS 8.8): Winmail Server 6.1 - Authenticated Remote Code Execution via netdisk.php move_folder_file Path Traversal
CVE-2017-9833 (HIGH, CVSS 7.5): Boa 0.94.14rc21 - Path Traversal via FILECAMERA Parameter
CVE-2017-9829 (HIGH, CVSS 7.5): VIVOTEK Network Cameras - Info Disclosure
CVE-2017-2829 (MEDIUM, CVSS 6.5): Foscam C1 Indoor HD Camera Firmware 2.52.2.37 - Path Traversal via HTTP Request
CVE-2017-9097 (CRITICAL, CVSS 9.1): Anti-Web < 3.8.7 - Path Traversal