CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
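The weakness described above, as an added example that is not from this page or from any of the products listed on it: a file-serving helper written the way CWE-22 bugs are typically written, next to a hardened version, both run over constructed traversal payloads against a temporary directory. Function names, the `public`/`secret.txt` layout and the payload list are assumptions made for the demonstration.

```python
"""Added example for CWE-22 (not code from the page or any listed product):
a vulnerable path resolver beside a hardened one, exercised on a temp dir."""
import os
import tempfile
import urllib.parse


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    # Typical CWE-22 bug: the decoded, untrusted segment is glued onto the
    # base directory and never checked against it. '..' components walk
    # out of base_dir, and os.path.join discards base_dir entirely when
    # the second argument is an absolute path.
    decoded = urllib.parse.unquote(user_path)
    return os.path.normpath(os.path.join(base_dir, decoded))


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path inside base_dir, else raise ValueError.

    Neutralises the special elements the CWE text refers to: percent-encoding
    (decoded exactly once, before any check), absolute paths, NUL bytes,
    '..' segments, and symlinks that point outside the directory (realpath
    follows them before the containment check).
    """
    base_real = os.path.realpath(base_dir)
    decoded = urllib.parse.unquote(user_path)
    if os.path.isabs(decoded) or "\x00" in decoded:
        raise ValueError("absolute path or NUL byte rejected")
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    # commonpath is the containment check. A plain startswith(base_real)
    # would wrongly accept /srv/www-secret when base_real is /srv/www.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes {base_real}: {candidate}")
    return candidate


def demo() -> dict:
    """Run both resolvers over constructed payloads.

    Returns {payload: (vulnerable_result_is_outside_base, safe_resolver_accepts)}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")
        os.makedirs(base)
        with open(os.path.join(base, "index.html"), "w") as f:
            f.write("ok")
        # Constructed layout: a secret outside the served directory and a
        # symlink inside it that points at that secret.
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("secret")
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link"))
        base_real = os.path.realpath(base)
        payloads = [
            "index.html",          # legitimate request
            "../secret.txt",       # classic dot-dot traversal
            "%2e%2e/secret.txt",   # same, percent-encoded
            "/etc/passwd",         # absolute path swallows base_dir in join()
            "link",                # symlink inside base pointing outside
        ]
        for p in payloads:
            vuln = os.path.realpath(vulnerable_resolve(base, p))
            vuln_outside = os.path.commonpath([base_real, vuln]) != base_real
            try:
                safe_resolve(base, p)
                safe_accepts = True
            except ValueError:
                safe_accepts = False
            results[p] = (vuln_outside, safe_accepts)
    return results


if __name__ == "__main__":
    for payload, (escapes, accepted) in demo().items():
        print(f"{payload!r:22} vulnerable escapes={escapes}  safe accepts={accepted}")
```

The containment check runs on the resolved path, after a single decode, so double-encoded or symlink-based bypasses are caught by the same comparison. The remaining caveat is a time-of-check/time-of-use race: if an attacker can replace a component with a symlink between `realpath` and the later `open`, the check is stale, so on Linux prefer opening with `O_NOFOLLOW`/`openat` relative to a directory descriptor when that matters.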

9,290 vulnerabilities with CWE-22 (25 listed below)
CVE-2013-5979
Xibo 1.2.x < 1.2.3 and 1.4.x < 1.4.2 - Path Traversal via index.php p Parameter
CVE-2013-5692
X2Engine X2CRM < 3.5 - Authenticated Path Traversal via Translation Manager File Parameter
CVE-2013-2068
Red Hat CloudForms Management Engine 2.0 - Path Traversal and Arbitrary File Write
CVE-2013-5751
SAP NetWeaver 7.x - Path Traversal
CVE-2013-4315
Django 1.4.x < 1.4.7, 1.5.x < 1.5.3, 1.6.x < 1.6 beta 3 - Directory Traversal via SSI Template Tag
CVE-2013-5216
CapaSystems Performance Guard <6.2.102 - Path Traversal
CVE-2013-3658
VMware ESXi 4.0-5.0 and ESX 4.0-4.1 - Path Traversal and Arbitrary File Deletion
CVE-2013-4900
DeWeS web server <0.4.2 - Path Traversal
CVE-2013-1645
Open-Xchange Server < 6.20.7 rev14, 6.22.0 < rev13, 6.22.1 < rev14 - Authenticated Path Traversal
CVE-2013-4702
LOCKON EC-CUBE <2.12.5 - Path Traversal
CVE-2013-5648
libdigidoc <3.7.2 - Path Traversal
CVE-2013-3598
SearchBlox < 7.5 - Unauthenticated Path Traversal and Arbitrary File Write via CreateTemplateServlet Name Parameter
CVE-2013-2988
IBM Cognos BI <10.2.1 - Path Traversal
CVE-2013-2978
IBM Cognos BI <10.2.1 - Path Traversal
CVE-2013-2979
IBM Optim Performance Manager <5.2 - Path Traversal
CVE-2013-2900
Google Chrome <29.0.1547.57 - Path Traversal
CVE-2013-5301
Trustport Webfilter <5.5.0.2232 - Path Traversal
CVE-2013-3457
Cisco Finesse - Unauthenticated Path Traversal via Direct Directory URL Request
CVE-2013-2117
cgit < 0.9.2 - Path Traversal via URL Parameter
CVE-2013-0150
F5 BIG-IP APM 10.1.0-10.2.4 and 11.0.0-11.3.0 - Remote Code Execution via Java Applet Filename Parameter
CVE-2013-5022
National Instruments LabWindows/CVI <2012 SP1 - Path Traversal
CVE-2013-5021
National Instruments <2012 SP1 - Path Traversal
CVE-2013-3429
Cisco Video Surveillance Manager < 7.0.0 - Path Traversal via Crafted URL
CVE-2013-4668
File Roller 3.6.x < 3.6.4, 3.8.x < 3.8.3, 3.9.x < 3.9.3 - Path Traversal
CVE-2013-2984
IBM Sterling B2B Integrator <5.3 - Path Traversal