CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,285 vulnerabilities with CWE-22
CVE-2016-5307 MEDIUM
Symantec Endpoint Protection Manager < 12.1.6 - Authenticated Path Traversal
CVSS 4.3
CVE-2016-1434 MEDIUM
Cisco 8800 <11.0(1) - File Deletion
CVSS 6.5
CVE-2016-1192 MEDIUM
Cybozu Garoon <4.2 - Path Traversal
CVSS 4.3
CVE-2016-1191 MEDIUM
Cybozu Garoon <4.2.1 - Path Traversal
CVSS 5.3
CVE-2016-4815 HIGH
BUFFALO WZR-600DHP3 and WZR-S600DHP Firmware <= 2.16 - Path Traversal
CVSS 7.5
CVE-2016-4814 HIGH
Geospatial Information Authority of Japan Old_GSI_Maps - Path Traversal via kml2jsonp.php
CVSS 7.5
CVE-2016-1223 MEDIUM
Trend Micro Office Scan <11.0 - Path Traversal
CVSS 5.3
CVE-2016-4532 CRITICAL
Trihedral VTScada 8.x-11.x < 11.2.02 - Path Traversal via WAP Interface
CVSS 9.1
CVE-2016-1212 LOW
Futomi MP Form Mail CGI Pro <3.2.3 - Path Traversal
CVSS 2.7
CVE-2016-1671 HIGH
Google Chrome <50.0.2661.102 - Path Traversal
CVSS 8.1
CVE-2016-1593 HIGH
Micro Focus Novell Service Desk <7.2 - Path Traversal
CVSS 7.2
CVE-2016-3972 LOW
dotcms < 3.5 - Authenticated Path Traversal via dotTailLogServlet fileName Parameter
CVSS 2.7
CVE-2016-4004 MEDIUM
Dell OpenManage Server Administrator 8.2 - Authenticated Path Traversal via ViewFile File Parameter
CVSS 4.9
CVE-2016-0784 MEDIUM
Apache OpenMeetings <3.1.1 - Path Traversal
CVSS 6.5
CVE-2016-0709 HIGH
Apache Jetspeed <2.3.1 - Path Traversal
CVSS 7.2
CVE-2016-3976 HIGH KEV
SAP NetWeaver AS Java <7.6 - Path Traversal
CVSS 7.5
CVE-2016-2097 MEDIUM
Ruby on Rails < 3.2.22.2 and 4.x < 4.1.14.2 - Directory Traversal via Render Method
CVSS 5.3
CVE-2016-2289 HIGH
ICONICS WebHMI < 9.0 - Path Traversal and Password Hash Exposure
CVSS 7.5
CVE-2016-2389 HIGH
SAP NetWeaver xMII 15.0 - Directory Traversal via GetFileList Path Parameter
CVSS 7.5
CVE-2016-0752 HIGH KEV
Ruby on Rails Dynamic Render File Upload Remote Code Execution
CVSS 7.5
CVE-2016-1525 HIGH
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
CVSS 8.6
CVE-2016-1145 HIGH
NEC EXPRESSCLUSTER X - Path Traversal
CVSS 7.5
CVE-2016-0855 HIGH
Advantech WebAccess <8.1 - Path Traversal
CVSS 7.5
CVE-2016-1231 MEDIUM
Prosody <0.9.9 - Path Traversal
CVSS 5.9
CVE-2015-10136 HIGH
GI-Media Library <3.0 - Path Traversal
CVSS 7.5