CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,286 vulnerabilities with CWE-22
CVE-2015-9406 HIGH
mTheme-Unus < 2.3 - Path Traversal via CSS File Parameter
CVSS 7.5
CVE-2015-9287 CRITICAL
University of Cambridge mod_ucam_webauth < 2.0.2 - Path Traversal via WLS-Response kid Field
CVSS 9.8
CVE-2015-4617 HIGH
easy2map-photos 1.09 - Path Traversal via MapPinImageUpload.php and MapPinIconSave.php
CVSS 7.5
CVE-2015-9277 CRITICAL
MailEnable < 8.60 - Path Traversal and Arbitrary File Write via Mishandled /../ Sequences
CVSS 9.1
CVE-2015-9275 MEDIUM
ARC 5.21q - Path Traversal via Archive File
CVSS 5.3
CVE-2015-4632 HIGH
Koha 3.14.00-3.14.15 - Path Traversal via Template Path Parameter
CVSS 7.5
CVE-2015-9266 CRITICAL
Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP - Unauthenticated Path Traversal and Arbitrary File Write
CVSS 9.8
CVE-2015-1503 HIGH
IceWarp Mail Server <11.2 - Path Traversal
CVSS 7.5
CVE-2015-5079 HIGH
BlackCat CMS < 1.1.2 - Path Traversal via widgets/logs.php dl Parameter
CVSS 7.5
CVE-2015-4461 MEDIUM
efront < 3.6.15.4 - Authenticated Path Traversal via Other Parameter
CVSS 6.5
CVE-2015-9250 HIGH
Skybox Platform < 7.5.201 - Path Traversal via tempFileName Parameter
CVSS 7.5
CVE-2015-7669 CRITICAL
easy2map < 1.3.0 - Path Traversal and Arbitrary File Execution via CSV File Parameter
CVSS 9.8
CVE-2015-2856 HIGH
Accellion File Transfer Appliance < fta_9_11_200 - Path Traversal via Statecode Cookie
CVSS 7.5
CVE-2015-1429 HIGH
Thinfinity Remote Desktop Workstation <3.0.0.3 - Path Traversal
CVSS 7.5
CVE-2015-4074 HIGH
Helpdesk Pro < 1.3.0 - Path Traversal via Ticket Download Attachment Filename Parameter
CVSS 7.5
CVE-2015-4085 HIGH
Etherpad < 1.6.0 - Path Traversal in Frontend Tests
CVSS 7.5
CVE-2015-1876 HIGH
ES File Explorer 3.2.4.1 - Path Traversal
CVSS 7.5
CVE-2015-1386 HIGH
unshield 1.0-1.1 - Path Traversal
CVSS 7.5
CVE-2015-1199 HIGH
ppmd 10.1-5 - Path Traversal
CVSS 7.5
CVE-2015-1198 HIGH
ha <0.999p+dfsg-5 - Path Traversal
CVSS 7.5
CVE-2015-4181 HIGH
phpMyBackupPro 2.1-2.5 - Path Traversal via View Parameter
CVSS 7.5
CVE-2015-4180 HIGH
phpMyBackupPro 2.1-2.4 - Path Traversal via View Parameter
CVSS 7.5
CVE-2015-1395 HIGH
GNU patch <2.7.3 - Path Traversal
CVSS 7.5
CVE-2015-8352 CRITICAL
Zen Cart 1.5.4 - Remote File Inclusion via AJAX act Parameter Path Traversal
CVSS 9.8
CVE-2015-0781 CRITICAL
Novell ZENworks Configuration Management - Remote Code Execution via Directory Traversal in Rtrlet doPost
CVSS 9.8