CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,283 vulnerabilities with CWE-22
CVE-2017-2090 MEDIUM
CubeCart < 6.1.4 - Authenticated Path Traversal
CVSS 6.5
CVE-2017-8297 CRITICAL
simple-file-manager < 2017-04-19 - Path Traversal in index.php
CVSS 9.8
CVE-2017-8283 CRITICAL
dpkg 1.3.0-1.18.23 - Directory Traversal via Crafted Debian Source Package
CVSS 9.8
CVE-2017-8115 MEDIUM
MODX Revolution 2.5.7 - Path Traversal in Setup URL Search Processor
CVSS 5.3
CVE-2017-8104 MEDIUM
MyBB < 1.8.11 - Path Traversal via Smilie Module Pathfolder Parameter
CVSS 5.3
CVE-2017-7462 CRITICAL
Intellinet NFC-30ir IP Camera - RCE
CVSS 9.8
CVE-2017-7461 MEDIUM
Intellinet NFC-30ir IP Camera < LM.1.6.16.05 - Path Traversal
CVSS 4.9
CVE-2017-6190 HIGH
D-Link DWR-116 Firmware - Unauthenticated Path Traversal via UIR GET Request
CVSS 7.5
CVE-2017-7577 CRITICAL
XiongMai uc-httpd - Path Traversal via GET Request
CVSS 9.8
CVE-2017-7565 HIGH
Splunk Hadoop Connect App - Path Traversal
CVSS 8.8
CVE-2017-7358 HIGH
LightDM < 1.22.0 - Path Traversal and Privilege Escalation via Guest Account Logout
CVSS 7.3
CVE-2017-4980 HIGH
EMC Isilon OneFS < 8.0.0.1 - Path Traversal
CVSS 7.5
CVE-2017-7258 HIGH
eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0 - Path Traversal
CVSS 7.5
CVE-2017-5899 HIGH
s-nail < 14.8.5 - Path Traversal via randstr Argument
CVSS 7.0
CVE-2017-7240 HIGH
Miele Professional PST10 - Path Traversal
CVSS 7.5
CVE-2017-5869 HIGH
Nuxeo Platform 6.0, 7.1-7.3 - Authenticated Path Traversal and Remote Code Execution via X-File-Name Header
CVSS 8.8
CVE-2017-3851 HIGH
Cisco IOx 1.0.0.0-1.1.0.0 - Unauthenticated Path Traversal via CAF Web Interface
CVSS 7.5
CVE-2017-6805 MEDIUM
MobaXterm Personal Edition 9.4 - Path Traversal
CVSS 5.3
CVE-2017-6510 HIGH
Easy File Sharing FTP Server < 3.6 - Path Traversal
CVSS 7.5
CVE-2017-6527 HIGH
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Path Traversal via viewAppletFsa.cgi seqID Parameter
CVSS 7.5
CVE-2017-5231 HIGH
Rapid7 Metasploit < 4.13.0-2017020701 - Path Traversal
CVSS 7.1
CVE-2017-5229 HIGH
Rapid7 Metasploit < 4.13.0-2017020701 - Path Traversal
CVSS 7.1
CVE-2017-5228 HIGH
Rapid7 Metasploit < 4.13.0-2017020701 - Path Traversal
CVSS 7.1
CVE-2017-5982 HIGH
Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path
CVSS 7.5
CVE-2017-5946 CRITICAL
rubyzip < 1.2.1 - Path Traversal via Zip::File Component
CVSS 9.8