CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2014-7951 MEDIUM
Android 4.0.4 - Path Traversal and Arbitrary File Write via ADB Backup Tar Headers
CVSS 4.6
CVE-2014-9609 MEDIUM
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Path Traversal
CVSS 5.3
CVE-2014-5236 HIGH
Open-Xchange AppSuite < 7.4.2-rev10 and 7.6.x < 7.6.0-rev10 - Path Traversal via OpenDocument File
CVSS 7.5
CVE-2014-8742 HIGH
Lexmark MarkVision Enterprise <2.1 - Path Traversal
CVSS 7.5
CVE-2014-8741 CRITICAL
Lexmark MarkVision Enterprise <2.1 - Path Traversal
CVSS 9.8
CVE-2014-1923 HIGH
Koha <3.8.23, <3.10.13, <3.12.10, <3.14.3 - Path Traversal
CVSS 7.5
CVE-2014-1922 HIGH
Koha <3.8.23, <3.10.13, <3.12.10, <3.14.3 - Path Traversal
CVSS 7.5
CVE-2014-5007 CRITICAL
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
CVSS 9.8
CVE-2014-9356 HIGH
Docker < 1.3.3 - Path Traversal and Arbitrary File Write via Symlink in Image or Dockerfile
CVSS 8.6
CVE-2014-9014 MEDIUM
WP Marketplace <2.4.1 - Path Traversal
CVSS 4.3
CVE-2014-10397 HIGH
Antioch Theme < 2014-09-07 - Unauthenticated Arbitrary File Download via Download Script
CVSS 7.5
CVE-2014-10396 HIGH
Epic Theme < 2.0.9 - Unauthenticated Arbitrary File Download via Download Endpoint
CVSS 7.5
CVE-2014-10390 CRITICAL
WP Support Plus Responsive Ticket System < 4.2 - Path Traversal
CVSS 9.1
CVE-2014-5436 HIGH
Honeywell Experion PKS R40x < R400.6, R41x < R410.6, R43x < R430.2 - Path Traversal in confd.exe
CVSS 7.5
CVE-2014-10066 HIGH
fancy-server < 0.1.4 - Path Traversal via Directory Traversal Sequences
CVSS 7.5
CVE-2014-10068 HIGH
hapi/inert < 1.1.1 - Path Traversal via Hidden Directory Handling
CVSS 7.5
CVE-2014-10073 HIGH
Psensor < 1.1.4 - Path Traversal in create_response Function
CVSS 7.5
CVE-2014-2069 HIGH
Eshtery CMS - Path Traversal via File Parameter in FileManager.aspx
CVSS 7.5
CVE-2014-2674 HIGH
Ajax Pagination (twitter Style) <1.1 - Path Traversal
CVSS 7.5
CVE-2014-3626 HIGH
Grails Resources 1.2.0-1.2.11 - Path Traversal via Double Decoding
CVSS 7.5
CVE-2014-3972 MEDIUM
Apexis APM-J601-WS <17.35.2.49 - Path Traversal
CVSS 5.3
CVE-2014-9485 MEDIUM
minizip < 1.1-5 - Path Traversal and Arbitrary File Write via ZIP Archive Entry
CVSS 5.5
CVE-2014-5068 HIGH
Symmetricom s350i 2.70.15 - Path Traversal via Dot-Dot-Slash Sequences
CVSS 7.5
CVE-2014-0115 HIGH
Apache Storm 0.9.0.1 - Path Traversal
CVSS 7.5
CVE-2014-3744 HIGH
st module for Node.js < 0.2.5 - Path Traversal via Encoded Dot-Dot Sequences
CVSS 7.5