CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,287 vulnerabilities with CWE-22
CVE-2013-5639
Gnew < 2013.1 - Path Traversal via gnew_language Cookie
CVE-2013-4413
wicked < 1.0.1 - Path Traversal via Step Parameter
CVE-2013-6720
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated Path Traversal via Log Parameter
CVE-2013-6304
IBM Algo One 2.4.0.1-4.9.1 - Authenticated Path Traversal via Crafted Configuration or JAR File Path
CVE-2013-3706
Novell ZENworks Configuration Management 11.2 - Unauthenticated Path Traversal via PreBoot Update Pathname
CVE-2013-6303
IBM Algo One - Authenticated Path Traversal
CVE-2013-4054
IBM WebSphere MQ 7.5 - Path Traversal via WMQ Telemetry URI
CVE-2013-6652
Google Chrome < 33.0.1750.117 - Path Traversal via Named Pipe Dispatcher
CVE-2013-4420
libtar < 1.2.20 - Path Traversal via Crafted Tar File
CVE-2013-1904
Roundcube Webmail < 0.7.3 and 0.8.x < 0.8.6 - Path Traversal via _value Parameter
CVE-2013-7300
cantata < 1.2.2 - Absolute Path Traversal via Internal HTTP Server
CVE-2013-6030
Emerson Network Power Avocent MergePoint Unity 2016 Firmware 1.9.16473 - Path Traversal
CVE-2013-5011
Symantec Endpoint Protection < 11.0.7.4, 12.1.2 - Privilege Escalation
CVE-2013-7138
Horizon Quick Content Management System < 4.0 - Path Traversal via Start Parameter
CVE-2013-7174
QNAP QTS < 4.1.0 - Path Traversal via cgi-bin/jc.cgi f Parameter
CVE-2013-7097
7mediaws eduTrac < 1.1.2 - Path Traversal via Installer Overview showmask Parameter
CVE-2013-7240
Advanced Dewplayer < 1.2 - Path Traversal
CVE-2013-6987
Synology DiskStation Manager - Path Traversal via FileBrowser Components
CVE-2013-5219
HOT HOTBOX < 2.1.11 - Path Traversal
CVE-2013-7190
iScripts AutoHoster - Path Traversal
CVE-2013-3043
IBM Rational Software Architect < 4.0.5 - Path Traversal
CVE-2013-3042
IBM Rational Software Architect < 4.0.5 - Path Traversal
CVE-2013-5107
RockMongo < 1.1.5 - Path Traversal via ROCK_LANG Cookie
CVE-2013-7091
Zimbra 7.2.2-8.0.2 - Path Traversal
CVE-2013-6397
Apache Solr < 4.6 - Path Traversal via tr Parameter