CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2014-5160: HP Data Protector - Unauthenticated Path Traversal and Arbitrary File Write via Opcode Requests
CVE-2014-5115: DirPHP 1.0 - Path Traversal via phpfile Parameter
CVE-2014-0475: GNU C Library <2.20 - Path Traversal
CVE-2014-5111: Fonality trixbox - Path Traversal via Lang Parameter
CVE-2014-2626: HP Network Virtualization <8.6 - Path Traversal
CVE-2014-2625: HP Network Virtualization <8.6 - Path Traversal
CVE-2014-4910: X.Org xf86-video-intel <2.99.911 - Path Traversal
CVE-2014-1973: NextApp File Explorer <2.1.0.3 - Path Traversal
CVE-2014-3323: Cisco Unified Contact Center Enterprise - Authenticated Path Traversal via Crafted URL
CVE-2014-3777: Reportico PHP Report Designer < 4.0 - Path Traversal via XMLIN Parameter
CVE-2014-3319: Cisco Unified Communications Manager 10.0(1) - Authenticated Path Traversal via RTMT URL
CVE-2014-3317: Cisco Unified Communications Manager 10.0(1) - Authenticated Path Traversal via Dialed Number Analyzer
CVE-2014-4941: WordPress wp-cross-rss <1.7 - Path Traversal
CVE-2014-4940: Tera Charts 0.1 - Path Traversal via fn Parameter
CVE-2014-4937: BookX 1.7 - Path Traversal via File Parameter
CVE-2014-4690: pfSense < 2.1.3 - Path Traversal via pkg Parameter (Unauthenticated) and downloadbackup Parameter (Authenticated)
CVE-2014-4689: pfSense < 2.1.3 - Path Traversal via pkg_edit.php xml Parameter
CVE-2014-4507: Foreman <1.4.5, <1.5.1 - Path Traversal
CVE-2014-2962: Belkin N150 F9K1009 Firmware < 1.00.08 - Path Traversal via getpage Parameter
CVE-2014-2611: HP Executive Scorecard 9.40-9.41 - Authenticated Path Traversal
CVE-2014-2610: HP Executive Scorecard 9.40-9.41 - Path Traversal & Code Execution via File Upload
CVE-2014-0598: Novell Open Enterprise Server iPrint - Path Traversal
CVE-2014-4306: WebTitan < 4.01 - Path Traversal via Logfile Parameter
CVE-2014-2575: Devexpress Aspxfilemanager Control For Webforms And Mvc < 13.1.9 - Path Traversal
CVE-2014-3975: AuraCMS 3.0 - Path Traversal via filemanager.php viewdir Parameter