CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,285 vulnerabilities with CWE-22
CVE-2016-6321 HIGH
GNU tar 1.14-1.29 - Path Traversal via File Name Parameter
CVSS 7.5
CVE-2016-2933 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Authenticated Path Traversal
CVSS 6.8
CVE-2016-5765 MEDIUM
Micro Focus Host Access Management and Security Server - Info Discl...
CVSS 6.5
CVE-2016-9177 HIGH
Spark < 2.5 - Path Traversal via URI
CVSS 7.5
CVE-2016-1000112 CRITICAL
contus-video-comments v1.0 - Unauthenticated Path Traversal and Arbitrary File Write via JPG Upload
CVSS 9.1
CVE-2016-6023 HIGH
IBM Sterling Secure Proxy <3.4.2.0-3.4.3.0 - Path Traversal
CVSS 7.5
CVE-2016-8343 HIGH
INDAS Web SCADA <3 - Path Traversal
CVSS 7.5
CVE-2016-8280 MEDIUM
Huawei eSight <V300R003C20SPC005 - Path Traversal
CVSS 6.5
CVE-2016-6038 MEDIUM
IBM AIX 5.3, 6.1, 7.1 - Authenticated Path Traversal via Eclipse Help URL
CVSS 6.5
CVE-2016-5970 MEDIUM
IBM Security Privileged Identity Manager <2.0.2 FP8 - Path Traversal
CVSS 6.5
CVE-2016-6371 HIGH
Cisco HCM-F <10.6.3 - Path Traversal
CVSS 7.5
CVE-2016-6370 MEDIUM
Cisco HCM-F <10.6.3 - Path Traversal
CVSS 4.3
CVE-2016-5332 MEDIUM
VMware vRealize Log Insight 2.x-3.x - Path Traversal
CVSS 5.3
CVE-2016-5664 MEDIUM
Accellion Kiteworks <kw2016.03.00 - Path Traversal
CVSS 4.3
CVE-2016-5049 HIGH
ReadyDesk 9.1 - Path Traversal via SESID and FNAME Parameters
CVSS 7.5
CVE-2016-1429 HIGH
Cisco RV180/RV180W - Path Traversal
CVSS 7.5
CVE-2016-6138 CRITICAL
SAP TREX 7.10 Revision 63 - Path Traversal
CVSS 9.8
CVE-2016-5639 HIGH
Crestron AirMedia <1.4.0.13 - Path Traversal
CVSS 7.5
CVE-2016-6232 HIGH
KArchive <5.24 - Path Traversal
CVSS 7.5
CVE-2016-1610 HIGH
Novell Filr <1.2 SU3, 2.0 SU2 - Path Traversal
CVSS 7.5
CVE-2016-1605 MEDIUM
NetIQ Sentinel <7.4.2 - Path Traversal
CVSS 6.5
CVE-2016-5092 MEDIUM
FortiWeb < 5.5.3 - Authenticated Path Traversal via Autolearn Feature
CVSS 4.9
CVE-2016-2205 MEDIUM
Symantec Workspace Streaming and Virtualization - Authenticated Path Traversal
CVSS 5.7
CVE-2016-5098 MEDIUM
phpMyAdmin - Path Traversal in Error Report Library
CVSS 5.3
CVE-2016-2872 MEDIUM
IBM Security QRadar SIEM and Incident Forensics 7.2.x < 7.2.7 - Path Traversal via Crafted URL
CVSS 5.3