CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,285 vulnerabilities with CWE-22
CVE-2016-7552 CRITICAL
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Path Traversal & File Deletion via Session ID
CVSS 9.8
CVE-2016-4320 MEDIUM
Atlassian Bitbucket Server <4.7.1 - Path Traversal
CVSS 4.3
CVE-2016-10048 HIGH
ImageMagick 6.9.4-7 - Path Traversal
CVSS 7.5
CVE-2016-7135 MEDIUM
Plone 4.2.x-4.3.11, 5.x-5.0.6 - Directory Traversal via Theme Resource Editor
CVSS 4.9
CVE-2016-9164 HIGH
CA Unified Infrastructure Management <8.4 SP1 - Path Traversal
CVSS 7.5
CVE-2016-4314 MEDIUM
WSO2 Carbon 4.4.5 - Authenticated Path Traversal via LogViewer Admin Service LogFile Parameter
CVSS 4.9
CVE-2016-9364 HIGH
Fidelix FX-20 <11.50.19 - Path Traversal
CVSS 7.5
CVE-2016-9357 MEDIUM
Eaton ePDUs <June 30, 2015 - Path Traversal
CVSS 5.3
CVE-2016-9351 HIGH
Advantech SUISAccess Server <3.0 - Path Traversal
CVSS 7.0
CVE-2016-9339 MEDIUM
INTERSCHALT Maritime Systems VDR G4e <5.220 - Path Traversal
CVSS 5.3
CVE-2016-5803 HIGH
CA Unified Infrastructure Management <8.47 - Path Traversal
CVSS 8.6
CVE-2016-4987 MEDIUM
Jenkins Image Gallery < 1.4 - Path Traversal
CVSS 6.5
CVE-2016-4986 HIGH
Jenkins Tap < 1.25 - Path Traversal
CVSS 7.5
CVE-2016-8211 HIGH
EMC Data Protection Advisor <6.2.3 - Path Traversal
CVSS 7.5
CVE-2016-8933 MEDIUM
IBM Kenexa LMS on Cloud - Path Traversal via Dot Dot Sequences
CVSS 6.5
CVE-2016-5941 MEDIUM
IBM Kenexa LMS on Cloud - Path Traversal via Dot Dot Sequences
CVSS 5.7
CVE-2016-8913 MEDIUM
IBM Kenexa LMS on Cloud <13.2.4 - Path Traversal
CVSS 6.5
CVE-2016-6126 MEDIUM
IBM Kenexa LMS on Cloud <13.2.4 - Path Traversal
CVSS 6.5
CVE-2016-10173 HIGH
minitar < 0.6 and archive-tar-minitar < 0.5.2 - Path Traversal via TAR Archive Entry
CVSS 7.5
CVE-2016-6269 CRITICAL
Trend Micro Smart Protection Server <3.0.1330 - Path Traversal
CVSS 9.1
CVE-2016-10184 HIGH
D-Link DWR-932B Firmware - Path Traversal via qmiweb
CVSS 7.5
CVE-2016-10183 HIGH
D-Link DWR-932B Firmware - Path Traversal via qmiweb Directory Listing
CVSS 7.5
CVE-2016-7569 MEDIUM
docker2aci < 0.13.0 - Path Traversal and Arbitrary File Write via Embedded Layer Data
CVSS 5.5
CVE-2016-6601 HIGH
ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal
CVSS 7.5
CVE-2016-6600 CRITICAL
ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal
CVSS 9.8