CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2014-0809
Gapless Player SimZip < 1.2.1 - Path Traversal and Arbitrary File Write via Crafted Filename
CVE-2014-0666
Cisco Jabber < 9.2(1) - Remote Code Execution via Send Screen Capture
CVE-2014-0805
NeoFiler <= 5.4.3 and NeoFiler Lite < 2.4.2 - Path Traversal and Arbitrary File Write
CVE-2014-0804
CGENE Security File Manager <= 1.0.6 - Path Traversal and Arbitrary File Write
CVE-2014-0803
tetra_filer < 1.5.1 - Path Traversal and Arbitrary File Write
CVE-2014-0802
aokitaka ZIP with Pass and ZIP with Pass Pro - Path Traversal and Arbitrary File Write
CVE-2013-10063 MEDIUM
Netgear SPH200D Skype phone firmware <=1.0.4.80 - Path Traversal
CVE-2013-10062 MEDIUM
Linksys router <1.0.00-1.0.05 - Path Traversal
CVE-2013-10046 HIGH
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
CVE-2013-1891 MEDIUM
OpenCart 1.4.7-1.5.5.1 - Path Traversal via Filemanager Bypass
CVSS 6.5
CVE-2013-4861 MEDIUM
MiCasaVerde VeraLite <1.5.408 - Path Traversal
CVSS 6.5
CVE-2013-2474 HIGH
AWS XMS 2.5 - Path Traversal via 'what' Parameter
CVSS 7.5
CVE-2013-6056 HIGH
Alienvault Open Source Security Infor... - Path Traversal
CVSS 7.5
CVE-2013-1597 MEDIUM
Vivotek PT7135 Firmware 0300a and 0400a - Path Traversal via GET Request
CVSS 6.5
CVE-2013-6785 MEDIUM
Supermicro IPMI < SMT_X9_315 - Authenticated Path Traversal via url_redirect.cgi
CVSS 4.3
CVE-2013-6225 CRITICAL
LiveZilla 5.0.1.4 - Remote Code Execution via Path Traversal
CVSS 9.8
CVE-2013-3311 HIGH
Loftek Nexus 543 Firmware - Unauthenticated Path Traversal via URL
CVSS 7.5
CVE-2013-3073 CRITICAL
NETGEAR Centria WNDR4700 Firmware 1.0.0.34 - Path Traversal
CVSS 9.8
CVE-2013-4657 CRITICAL
NETGEAR WNR3500U/WNR3500L - Path Traversal
CVSS 9.8
CVE-2013-4654 CRITICAL
TP-LINK TL-WDR4300 & TL-1043ND - Path Traversal
CVSS 9.8
CVE-2013-4656 CRITICAL
ASUS RT-AC66U, RT-N56U - Path Traversal
CVSS 9.8
CVE-2013-4658 CRITICAL
Linksys EA6500 Firmware - Path Traversal via SMB Symlink
CVSS 9.8
CVE-2013-4855 HIGH
D-Link DIR-865L Firmware - Path Traversal via SMB Symlink Misconfiguration
CVSS 8.8
CVE-2013-7466 HIGH
Simple Machines Forum 2.0.4 - Remote Code Execution via Path Traversal in install.php db_type Parameter
CVSS 8.8
CVE-2013-2565 MEDIUM
Mambo CMS 4.6.5 - Path Traversal
CVSS 5.3