CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2012-4135
Cisco NX-OS < 6.1(2) - Local Path Traversal via Filesys Delete Command
CVE-2012-4131
Cisco NX-OS - Local Path Traversal via Tar Command-Line Arguments
CVE-2012-6607
augeas < 1.0.0 - Arbitrary File Overwrite via Symlink Attack on .augsave File
CVE-2012-4104
Cisco Unified Computing System - Path Traversal and Arbitrary File Write via Fabric-Interconnect Image Header
CVE-2012-4705
3S CODESYS Gateway-Server <2.3.9.27 - Path Traversal
CVE-2012-4701
Tridium Niagara AX <3.8 - Path Traversal
CVE-2012-2293
RSA Archer SmartSuite Framework 4.x and RSA Archer GRC < 5.2SP1 - Authenticated Path Traversal and Arbitrary File Write
CVE-2012-6522
w-cms 2.01 - Path Traversal via p Parameter
CVE-2012-6276
TP-LINK TL-WR841N Firmware 3.13.9 build 120201 Rel.54965n - Path Traversal via URL Parameter
CVE-2012-6069
CRITICAL
CODESYS Runtime System - Path Traversal and Arbitrary File Write via File Transfer Functionality
CVSS 10.0
CVE-2012-5185
Olive Toast Documents Pro File Viewer <1.11.1 - Path Traversal
CVE-2012-5972
SpecView < 2.5 Build 853 - Path Traversal via URI
CVE-2012-6500
Pragyan CMS < 3.0 - Path Traversal via Fileget Parameter
CVE-2012-6495
MoinMoin < 1.9.6 - Authenticated Path Traversal and Arbitrary File Write via Twikidraw and Anywikidraw Actions
CVE-2012-6080
MoinMoin 1.9.3-1.9.5 - Path Traversal and Arbitrary File Write via Attachment Move
CVE-2012-4616
EMC Data Protection Advisor 5.6-5.8 SP4 - Path Traversal
CVE-2012-5931
NetIQ Privileged User Manager 2.3.x - Authenticated Path Traversal and Arbitrary File Write via Log Pathname
CVE-2012-6324
VMware vCenter Server Appliance 5.0-5.1 - Authenticated Path Traversal
CVE-2012-1712
Oracle GlassFish Web Space Server 10.0 - Path Traversal in Liferay Component
CVE-2012-5978
VMware View 4.x-4.6.1 and 5.x-5.1.1 - Unauthenticated Path Traversal
CVE-2012-5969
Huawei E585 - Path Traversal via PATH_INFO or req_page Parameter
CVE-2012-4991
Axway SecureTransport <5.1 SP2 - Path Traversal
CVE-2012-4347
Symantec Messaging Gateway 9.5.x - Authenticated Path Traversal via Log Export or Backup Restore
CVE-2012-6064
CMS Made Simple < 1.11.2.1 - Authenticated Path Traversal via deld Parameter
CVE-2012-4834
IBM WebSphere Portal <8.0 - Path Traversal
Details
Vulnerabilities: 9,290
Exploit Likelihood: High