CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2013-3654
LOCKON EC-CUBE 2.12.0-2.12.4 - Path Traversal via SC_CheckError.php and SC_FormParam.php
CVE-2013-3650
LOCKON EC-CUBE < 2.12.5 - Path Traversal via resize_image.php Image Parameter
CVE-2013-4097
DS3 Authentication Server - Path Traversal via ServerAdmin/TestDRConnection.jsp
CVE-2013-4093
Imperva SecureSphere 9.0.0.5 - Information Disclosure via Direct Request
CVE-2013-2981
IBM Data Studio <3.1.1 - Path Traversal
CVE-2013-0136
Mutiny < 5.0-1.11 - Authenticated Path Traversal and Arbitrary File Write via EditDocument Servlet
CVE-2013-3661
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
CVE-2013-1224
Cisco Unified Customer Voice Portal < 9.0(1) - Path Traversal and Arbitrary File Write via Resource Manager
CVE-2013-3504
GroundWork Monitor Enterprise 6.7.0 - Authenticated Path Traversal and Arbitrary File Write via MONARCH monarch.cgi
CVE-2013-1156
Cisco Prime Central - Path Traversal
CVE-2013-0673
MatrikonOPC A&E Historian <1.0.0.0 - Path Traversal
CVE-2013-0141
McAfee ePolicy Orchestrator < 4.5.7/4.6.x < 4.6.6 - Path Traversal & Arbitrary File Write
CVE-2013-3240
phpMyAdmin <4.0.0-rc3 - Path Traversal
CVE-2013-0544
IBM WebSphere Application Server <8.5.0.2 - Path Traversal
CVE-2013-1167
Cisco IOS XE 3.2-3.4 and 3.5 - Denial of Service via BDI Encapsulation Processing
CVE-2013-1082
Novell ZENworks Mobile Management <2.7.1 - Path Traversal
CVE-2013-1079
Novell ZENworks Configuration Management (ZCM) <11.2 - Path Traversal
CVE-2013-1608
Symantec NetBackup Appliance 2.0.x - Path Traversal
CVE-2013-0679
Siemens WinCC <7.2 - Path Traversal
CVE-2013-0671
Siemens WinCC (TIA Portal) 11 - Path Traversal
CVE-2013-0332
ZoneMinder 1.24.x - Path Traversal via View Request or Action Parameter
CVE-2013-2560
Foscam <11.37.2.49 - Path Traversal
CVE-2013-1469
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
CVE-2013-0084
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 - Directory Traversal via Crafted URL
CVE-2013-1081
Novell ZENworks Mobile Management <2.7.0 - Path Traversal