CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2014-1969
apps4u@android <20140224 - Path Traversal
CVE-2014-2583
Linux-PAM - Local Path Traversal via PAM_RUSER or PAM_TTY Values
CVE-2014-2145
Cisco Unity Connection - Path Traversal
CVE-2014-2210
CA ERwin Web Portal 9.5 - Path Traversal
CVE-2014-0632
EMC VPLEX GeoSynchrony 4.x-5.x - Authenticated Path Traversal
CVE-2014-2588
McAfee Asset Manager 6.6 - Path Traversal
CVE-2014-1970
ES File Explorer <3.0.4 - Path Traversal
CVE-2014-1507
Oracle Solaris < 1.2 - Path Traversal
CVE-2014-1506
Firefox < 28.0 - Directory Traversal via Android Crash Reporter Arguments
CVE-2014-2536
McAfee Cloud Identity Manager <3.5.1 - Path Traversal
CVE-2014-2535
McAfee Web Gateway <7.4.1-7.3.2.6-7.2.0.9 - Path Traversal
CVE-2014-1975
R-Company Unzipper <1.0.1 - Path Traversal
CVE-2014-1715
Google Chrome <33.0.1750.152-33.0.1750.154 - Path Traversal
CVE-2014-1707
Google Chrome OS <33.0.1750.152 - Path Traversal
CVE-2014-2324
lighttpd < 1.4.35 - Path Traversal via Host Name
CVE-2014-2314
Atlassian JIRA <6.0.4 - Path Traversal
CVE-2014-2313
Atlassian JIRA <6.0.5 - Path Traversal
CVE-2014-1907
VideoWhisper Live Streaming Integration <4.29.5 - Path Traversal
CVE-2014-2059
Jenkins <1.551-1.532.2 - Path Traversal
CVE-2014-0820
Cybozu Garoon 2.x-2.5.4 and 3.x-3.7 SP3 - Authenticated Path Traversal via Download Feature
CVE-2014-1698
Siemens SIMATIC WinCC OA <3.12 P002 - Path Traversal
CVE-2014-1833
devscripts <2.14.1 - Path Traversal
CVE-2014-0830
IBM Financial Transaction Manager 2.0-2.0.0.2 and 2.1 - Authenticated Path Traversal via OAC Table-Export
CVE-2014-0751
GE Proficy HMI/SCADA CIMPLICITY < 8.2 - Arbitrary File Write via CimWebServer Shell File Upload
CVE-2014-0750
GE Proficy HMI/SCADA - CIMPLICITY < 8.2 - Remote Code Execution via Directory Traversal in WebView CimWeb