| CWE-22 | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-220 | The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties. |
| CWE-221 | The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. |
| CWE-222 | The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack. |
| CWE-223 | The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe. |
| CWE-224 | The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name. |
| CWE-225 | This weakness can be found at CWE-199. |
| CWE-226 | The product prepares to release a resource such as memory or a file so that the resource can be reused by other entities, but the product does not fully clear previously-used sensitive information from that resource before the resource is released. |
| CWE-228 | The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification. |
| CWE-229 | The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined. |