CWE-22— Path Traversal
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.— MITRE CWE catalog
8,734 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-22page 40 of 175
- CVE-2017-16180HIGHCVSS 7.5EG 7.52018-06-07
serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16181HIGHCVSS 7.5EG 7.52018-06-07
wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16182HIGHCVSS 7.5EG 7.52018-06-07
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16183HIGHCVSS 7.5EG 7.52018-06-07
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16184HIGHCVSS 7.5EG 7.52018-06-07
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16185HIGHCVSS 7.5EG 7.52018-06-07
uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16186HIGHCVSS 7.5EG 7.52018-06-07
360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16187HIGHCVSS 7.5EG 7.52018-06-07
open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16188HIGHCVSS 7.5EG 7.52018-06-07
reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16189HIGHCVSS 7.5EG 7.52018-06-07
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16190HIGHCVSS 7.5EG 7.52018-06-07
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16191HIGHCVSS 7.5EG 7.52018-06-07
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16192HIGHCVSS 7.5EG 7.52018-06-07
getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16193HIGHCVSS 7.5EG 7.52018-06-07
mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16194HIGHCVSS 7.5EG 7.52018-06-07
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16195HIGHCVSS 7.5EG 7.52018-06-07
pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16196HIGHCVSS 7.5EG 7.52018-06-07
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16197HIGHCVSS 7.5EG 7.52018-06-07
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16198HIGHCVSS 7.5EG 7.52018-06-07
ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/pas…
- CVE-2017-16199HIGHCVSS 7.5EG 7.52018-06-07
susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16200HIGHCVSS 7.5EG 7.52018-06-07
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16201HIGHCVSS 7.5EG 7.52018-06-07
zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16208HIGHCVSS 7.5EG 7.52018-06-07
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16209HIGHCVSS 7.5EG 7.52018-06-07
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16210HIGHCVSS 7.5EG 7.52018-06-07
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16211HIGHCVSS 7.5EG 7.52018-06-07
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16212HIGHCVSS 7.5EG 7.52018-06-07
ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16213HIGHCVSS 7.5EG 7.52018-06-07
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16214HIGHCVSS 7.5EG 7.52018-06-07
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16215HIGHCVSS 7.5EG 7.52018-06-07
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16216HIGHCVSS 7.5EG 7.52018-06-07
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16217HIGHCVSS 7.5EG 7.52018-06-07
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16218HIGHCVSS 7.5EG 7.52018-06-07
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16219HIGHCVSS 7.5EG 7.52018-06-07
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16220HIGHCVSS 7.5EG 7.52018-06-07
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16221HIGHCVSS 7.5EG 7.52018-06-07
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16222MEDIUMCVSS 5.3EG 5.32018-06-07
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sendi…
- CVE-2017-16223HIGHCVSS 7.5EG 7.52018-06-07
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- CVE-2017-16591MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the exist…
- CVE-2017-16592MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the exist…
- CVE-2017-16593MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing auth…
- CVE-2017-16595MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the exist…
- CVE-2017-16596MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the exist…
- CVE-2017-16597CRITICALCVSS 9.8EG 9.82018-01-23
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exis…
- CVE-2017-16598HIGHCVSS 8.8EG 8.82018-01-23
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerabili…
- CVE-2017-16599MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing auth…
- CVE-2017-16600MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authenticat…
- CVE-2017-16601MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing a…
- CVE-2017-16603HIGHCVSS 8.8EG 8.82018-01-23
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability,…
- CVE-2017-16604MEDIUMCVSS 6.5EG 6.52018-01-23
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing a…
Map vulnerabilities like CWE-22 to your infrastructure
EchelonGraph correlates every CVE — across CWE-22 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →