CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2013-3001 HIGH
IBM InfoSphere Data Replication Dashboard <10.1 - Path Traversal
CVSS 7.5
CVE-2013-7462 HIGH
McAfee SCC <6.14-6.15 - Path Traversal
CVSS 7.5
CVE-2013-7448 HIGH
DidiWiki - Path Traversal
CVSS 7.5
CVE-2013-3295
Exponent CMS <2.2.0 RC1 - Path Traversal
CVE-2013-3304
Dell EqualLogic PS4000 <6.0 - Path Traversal
CVE-2013-1641
QuiXplorer < 2.5.5 - Path Traversal via Zip Download selitems[] Parameter
CVE-2013-6771
Splunk < 5.0.5 - Remote Command Execution via Collect Script File Parameter
CVE-2013-5757
Yealink SIP-T38G - Authenticated Path Traversal via dumpConfigFile Function
CVE-2013-5756
Yealink SIP-T38G - Authenticated Path Traversal via Page Parameter
CVE-2013-3993 MEDIUM KEV
IBM InfoSphere BigInsights < 2.1.0.3 - Authenticated Path Traversal via API Parameters
CVSS 6.5
CVE-2013-3004
IBM Tivoli App Dep Dscvr Mgr <7.2.1.5 - Path Traversal
CVE-2013-6221
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
CVE-2013-3739
Network Weathermap < 0.97c - Path Traversal via Mapname Parameter
CVE-2013-6975
Cisco NX-OS < 6.2(2a) - Path Traversal via Command-Line Interface
CVE-2013-5655
YingZhi Python Programming Language for iOS 1.9 - Path Traversal via FTP Server URI
CVE-2013-3514
OpenX < 2.8.10 - Directory Traversal via Plugin Preferences and Settings
CVE-2013-5984
Microweber < 0.830 - Unauthenticated Arbitrary File Deletion via Backup Module File Parameter
CVE-2013-1806
PHP-Fusion < 7.02.06 - Authenticated Path Traversal and Arbitrary File Execution
CVE-2013-7361
SAP CMS and CM Services - Path Traversal and Arbitrary File Write
CVE-2013-6768
Koush Superuser 1.0.2.1 - Unauthenticated Path Traversal via PATH Environment Variable
CVE-2013-1604
MayGion IP Camera Firmware < 09.27 - Path Traversal via Default URI
CVE-2013-2641
Sophos Web Appliance <3.7.8.2 - Path Traversal
CVE-2013-2619
Aspen < 0.8 - Path Traversal via Default URI
CVE-2013-2085
ownCloud < 5.0.6 - Authenticated Path Traversal via Dir Parameter
CVE-2013-2039
ownCloud < 4.0.15, 4.5.x < 4.5.11, 5.x < 5.0.6 - Authenticated Path Traversal