CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,286 vulnerabilities with CWE-22
CVE-2015-1847 HIGH
appserver < 1.0.2 - Path Traversal via Crafted URL
CVSS 7.5
CVE-2015-3297 HIGH
Etherpad 1.1.1-1.5.2 - Path Traversal via Minify.js Path Parameter
CVSS 7.5
CVE-2015-7780 MEDIUM
ManageEngine Firewall Analyzer <8.0 - Path Traversal
CVSS 6.5
CVE-2015-8235 HIGH
call-cc spiffy < 5.4 - Path Traversal
CVSS 7.5
CVE-2015-7888 HIGH
Samsung S6 Edge LRX22G.G925VVRU1AOE2 - Path Traversal
CVSS 7.5
CVE-2015-5473 CRITICAL
Samsung SyncThru 6 <1.0 - Path Traversal
CVSS 9.8
CVE-2015-0269 MEDIUM
Contao < 3.2.19 and 3.4.0-3.4.3 - Authenticated Path Traversal
CVSS 4.3
CVE-2015-1834 MEDIUM
Cloudfoundry Cf-release < 207 - Path Traversal
CVSS 6.5
CVE-2015-5609 CRITICAL
WordPress Image Export <1.1 - Path Traversal
CVSS 9.1
CVE-2015-5469 HIGH
MDC YouTube Downloader <2.1.0 - Path Traversal
CVSS 7.5
CVE-2015-5468 HIGH
WP e-Commerce Shop Styling <2.6 - Path Traversal
CVSS 7.5
CVE-2015-4704 HIGH
Download Zip Attachments 1.0 - Path Traversal via File Parameter
CVSS 7.5
CVE-2015-7245 HIGH
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Path Traversal via Errorpage Parameter
CVSS 7.5
CVE-2015-0107 MEDIUM
IBM Maximo Asset Management 7.1-7.1.1.8, 7.5 < 7.5.0.7 IFIX003, 7.6 < 7.6.0.0 IFIX002 - Authenticated Path Traversal
CVSS 6.5
CVE-2015-8780 MEDIUM
Samsung Kies < 2015-10-30 - Path Traversal via Kies Restore
CVSS 6.4
CVE-2015-8283 MEDIUM
SeaWell Networks Spectrum SDC <2.05.00 - Path Traversal
CVSS 6.5
CVE-2015-7270 HIGH
Dell Integrated Remote Access Controller Firmware < 2.20.20.20 - Path Traversal
CVSS 7.8
CVE-2015-8309 MEDIUM
Cherry Music <0.36.0 - Path Traversal
CVSS 4.3
CVE-2015-1000006 HIGH
recent-backups v0.7 - Path Traversal
CVSS 7.5
CVE-2015-1000005 HIGH
Candidate Application Form <1.0 - RCE
CVSS 7.5
CVE-2015-8799 HIGH
Symantec Critical System Protection < 5.2.9 - Authenticated Path Traversal and Arbitrary File Write
CVSS 7.6
CVE-2015-8798 HIGH
Symantec Critical System Protection < 5.2.9 - Authenticated Path Traversal
CVSS 8.0
CVE-2015-5313 LOW
libvirt - Path Traversal via Volume Name
CVSS 2.5
CVE-2015-5345 MEDIUM
Apache Tomcat <6.0.45-9.0.0.M2 - Info Disclosure
CVSS 5.3
CVE-2015-5174 MEDIUM
Apache Tomcat 6.x < 6.0.45, 7.x < 7.0.65, 8.x < 8.0.27 - Directory Traversal via Slash Dot Dot
CVSS 4.3