CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,285 vulnerabilities with CWE-22
CVE-2016-6517 CRITICAL
Liferay 5.1.0 - Path Traversal via minifierBundleDir Parameter
CVSS 9.8
CVE-2016-5725 MEDIUM
JCraft JSch <0.1.54 - Path Traversal
CVSS 5.9
CVE-2016-6896 HIGH
WordPress Traversal Directory DoS
CVSS 7.1
CVE-2016-7982 HIGH
SPIP < 3.1.2 - Path Traversal via var_url Parameter
CVSS 7.5
CVE-2016-2087 HIGH
HexChat 2.11.0 - Path Traversal via IRC Server Name
CVSS 7.4
CVE-2016-8207 HIGH
Brocade Network Advisor <14.0.2 - Path Traversal
CVSS 7.5
CVE-2016-8206 HIGH
Brocade Network Advisor <14.0.2 - Path Traversal
CVSS 7.5
CVE-2016-8205 CRITICAL
Brocade Network Advisor <14.0.2 - Path Traversal
CVSS 9.8
CVE-2016-8204 CRITICAL
Brocade Network Advisor <14.0.2 - Path Traversal
CVSS 9.8
CVE-2016-3151 HIGH
Barco ClickShare CSC-1, CSM-1, and CSE-200 Firmware - Path Traversal via Wallpaper Parsing
CVSS 7.5
CVE-2016-4323 LOW
Pidgin < 2.10.12 - Path Traversal and Arbitrary File Write via MXIT Protocol Splash Image
CVSS 3.7
CVE-2016-7169 MEDIUM
WordPress < 4.6.1 - Authenticated Path Traversal via File_Upload_Upgrader urlholder Parameter
CVSS 6.3
CVE-2016-10106 MEDIUM
NETGEAR FVS336Gv3-FVS318N-SRX5308 - Path Traversal
CVSS 6.5
CVE-2016-9878 HIGH
Spring Framework < 3.2.18, 4.2.x < 4.2.9, 4.3.x < 4.3.5 - Path Traversal via ResourceServlet
CVSS 7.5
CVE-2016-7087 MEDIUM
VMware Horizon View 5.x-6.x - Directory Traversal
CVSS 5.3
CVE-2016-10039 HIGH
MODX Revolution <2.5.2-pl - Path Traversal
CVSS 7.3
CVE-2016-10038 HIGH
MODX Revolution <2.5.2-pl - Path Traversal
CVSS 7.3
CVE-2016-10037 HIGH
MODX Revolution <2.5.2-pl - Path Traversal
CVSS 7.3
CVE-2016-9950 HIGH
Apport < 2.20.4 - Path Traversal via Package Hook Fields
CVSS 7.8
CVE-2016-8827 MEDIUM
NVIDIA GeForce Experience <3.1.0.52 - Info Disclosure
CVSS 6.5
CVE-2016-9210 HIGH
Cisco Unified Reporting - Unauthenticated RCE
CVSS 7.5
CVE-2016-9208 MEDIUM
Cisco Emergency Responder <12.0.0 - Info Disclosure
CVSS 6.5
CVE-2016-9199 MEDIUM
Cisco IOx <15.2(6.0.57i)E - Info Disclosure
CVSS 6.5
CVE-2016-6614 MEDIUM
phpMyAdmin <4.6.4, <4.4.15.8, <4.0.10.17 - Path Traversal
CVSS 6.8
CVE-2016-7116 MEDIUM
QEMU < 2.6.2 - Path Traversal via Dot-Dot in 9pfs Export Path
CVSS 6.0