Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2022-1373 HIGH

Softing Secure Integration Server v1.22 Remote Code Execution

CVE-2022-1648 MEDIUM

Pandora FMS < 7.0_ng_760 - Authenticated Path Traversal and Remote Code Execution via File Manager

CVE-2022-2139 MEDIUM

Advantech iView < 5.7.04.6469 - Path Traversal and Arbitrary Code Execution

CVE-2022-31163 HIGH

TZInfo <0.36.1, <1.2.10 (with tzinfo-data) - Path Traversal

CVE-2022-20913 MEDIUM

Cisco Nexus Dashboard 2.0-2.2(1e) - Authenticated Arbitrary File Write via Web Management Interface

CVE-2022-20862 MEDIUM

Cisco Unified Communications Manager < 12.5(1)su6 and 14.0-14su2 - Authenticated Path Traversal

CVE-2022-2106 LOW

Elcomplus SmartICS <2.3.4.0 - Path Traversal

CVE-2022-29097 MEDIUM

Dell Wyse Management Suite < 3.6.1 - Path Traversal in Device API

CVE-2022-2120 HIGH

OFFIS DCMTK <3.6.7 - Path Traversal

CVE-2022-1661 HIGH

Keysight N6854A and N6841A RF Firmware < 2.4.0 - Path Traversal

CVE-2022-20790 MEDIUM

Cisco Unified Communications Manager - Info Disclosure

CVE-2022-22279 MEDIUM

Secure Remote Access/SMA <9.0.0.5-19sv - Info Disclosure

CVE-2022-20755 CRITICAL

Cisco TelePresence Video Communication Server < 14.0.5 - Authenticated Path Traversal and Arbitrary File Write

CVE-2022-20754 CRITICAL

Cisco Expressway Series/Cisco VCS - RCE

CVE-2022-23732 HIGH

GitHub Enterprise Server < 3.1.19 - Path Traversal and CSRF Bypass in Management Console

CVE-2022-21808 HIGH

Yokogawa CENTUM CS 3000 R3.08.10-R3.09.00, CENTUM VP R4.01.00-R4.03.00, Exaopc R3.72.00-R3.79.00 - Path Traversal

CVE-2022-21177 HIGH

Yokogawa CENTUM CS 3000 R3.08.10-R3.09.00 and CENTUM VP R4.01.00-R4.03.00 - Path Traversal in CAMS for HIS Log Server

CVE-2021-4459 MEDIUM

SMA Sunny Boy < 3.10.27.R - Authenticated Path Traversal

CVE-2021-22281 MEDIUM

B&R Industrial Automation Studio 4.0-4.12 - Path Traversal

CVE-2021-38399 HIGH

Honeywell Experion PKS - Path Traversal

CVE-2021-22650 HIGH

Ovarro TWinSoft < 12.4 - Path Traversal and Remote Code Execution via Malicious TPG File

CVE-2021-32964 MEDIUM

AGG Software Web Server <4.0.40.1014 - Path Traversal

CVE-2021-34605 HIGH

XINJE XD/E Series PLC Program Tool < 3.5.1 - Arbitrary File Write via Zip Slip

CVE-2021-32949 HIGH

MDT AutoSave <6.02.06 - Path Traversal

CVE-2021-37196 MEDIUM

Siemens COMOS Web < 10.2, 10.3 < 10.3.3.3, 10.4 < 10.4.1 - Path Traversal via Archive Extraction

Previous Page 14 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy