CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2014-4877
GNU Wget < 1.16 - Absolute Path Traversal via FTP LIST Response Symlink Handling
CVE-2014-3697
Pidgin < 2.10.10 - Path Traversal and Arbitrary File Write via Tar Archive in Smileys
CVE-2014-6037
ManageEngine EventLog Analyzer 9.0/8.2 - Remote Code Execution via ZIP Traversal
CVE-2014-5006
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
CVE-2014-5005
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
CVE-2014-4577
WP AmASIN - The Amazon Affiliate Shop < 0.9.6 - Path Traversal via reviews.php url Parameter
CVE-2014-6308
OsClass < 3.4.2 - Path Traversal via File Parameter in oc-admin/index.php
CVE-2014-2279
SeedDMS < 4.3.4 - Authenticated Path Traversal and Arbitrary File Write via LogManagement and AddFile2
CVE-2014-3664
Jenkins < 1.583 and LTS < 1.565.3 - Authenticated Path Traversal
CVE-2014-6394
visionmedia send < 0.8.4 - Info Disclosure
CVE-2014-0754
Schneider Electric Modicon PLC Ethernet Modules - Directory Traversal via Crafted HTTP Request
CVE-2014-5319
S-Link SLFileManager < 1.2.5 - Path Traversal and Arbitrary File Write
CVE-2014-4384
iPhone OS < 7.1.2 - Local Path Traversal via App Installation Code-Signature Validation
CVE-2014-5393
SOS JobScheduler < 1.6.4246 and 1.7.x < 1.7.4241 - Authenticated Path Traversal
CVE-2014-5465
Download Shortcode < 0.2.3 - Path Traversal via File Parameter
CVE-2014-5368
WP Content Source Control < 3.0.0 - Path Traversal via Path Parameter
CVE-2014-4929
ownCloud Server < 6.0.4 - Path Traversal
CVE-2014-3340
Cisco WebEx MeetMeNow - Authenticated Path Traversal
CVE-2014-5350
Bitdefender GravityZone < 5.1.5.386 - Path Traversal via Web Console or Update Server
CVE-2014-1222
vtiger CRM < 6.0.0 - Authenticated Path Traversal via KCFinder File Parameter
CVE-2014-5197
Splunk Enterprise 6.1.x - Authenticated Path Traversal via URI
CVE-2014-3914
Rocket ServerGraph 1.2 - Path Traversal
CVE-2014-3855
Pyplate 0.08 - Path Traversal via Filename Parameter
CVE-2014-5187
Tom M8te Plugin 1.5.3 - Path Traversal via File Parameter
CVE-2014-5181
lastfm-rotation_plugin 1.0 - Path Traversal via snode Parameter