CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2012-1025
Enigma2 Webinterface <1.7.0 - Path Traversal
CVE-2012-1024
Enigma2 Webinterface <1.5 - Path Traversal
CVE-2012-0991
OpenEMR 4.1.0 - Authenticated Path Traversal via Formname Parameter
CVE-2012-0981
phpShowtime 2.0 - Path Traversal via 'r' Parameter
CVE-2012-0907
NeoAxis Web Player < 1.4 - Path Traversal and Arbitrary File Write via ZIP Archive Filename
CVE-2012-0898
myEASYbackup <1.0.8.1 - Path Traversal
CVE-2012-0896
count_per_day < 3.1.1 - Unauthenticated Path Traversal via Download Parameter
CVE-2012-0697
HP StorageWorks P2000 G3 - Privilege Escalation
CVE-2011-10010 CRITICAL
QuickShare File Server 1.2.1 - Path Traversal
CVE-2011-10009 HIGH
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
CVE-2011-4350 MEDIUM
Yaws 1.91 - Authenticated Path Traversal via URL Request
CVSS 6.5
CVE-2011-5325 HIGH
BusyBox < 1.22.0 v5 - Directory Traversal via Symlink in Tar Implementation
CVSS 7.5
CVE-2011-5310
Wikipad 1.6.0 - Path Traversal via id Parameter
CVE-2011-4722
Ipswitch TFTP Server 1.0.0.24 - Path Traversal via RRQ Filename Field
CVE-2011-4821
D-Link DIR-601 Firmware 1.02NA - Path Traversal via TFTP Server
CVE-2011-4367
Apache MyFaces Core <2.0.12, <2.1.6 - Path Traversal
CVE-2011-3602
Router Advertisement Daemon <1.8.2 - Path Traversal
CVE-2011-5273
Domain Technologie Control < 0.34.1 - Authenticated Path Traversal and Arbitrary PHP Execution via Package Installer
CVE-2011-4696
eye-fi_helper < 3.4.23 - Path Traversal via GetPhotoStatus Request
CVE-2011-2725
Ark < 2.17 - Path Traversal via Zip File
CVE-2011-4518
MICROSYS PROMOTIC < 8.1.5 - Path Traversal
CVE-2011-5219
mPDF < 5.3 - Path Traversal via Filename Parameter
CVE-2011-5217
Hitachi JP1/ServerConductor/DeploymentManager < 08-55 Japanese and < 08-51 English - Directory Traversal
CVE-2011-5210
Limny 3.0.0 - Path Traversal via Theme Parameter
CVE-2011-5208
BackWPup < 1.4.0 - Path Traversal via wpabs Parameter