CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2012-6038
razorCMS < 1.2.1 - Authenticated Path Traversal via dir Parameter
CVE-2012-4959
Novell File Reporter <1.0.2 - Path Traversal
CVE-2012-4958
Novell File Reporter 1.0.2 - Path Traversal
CVE-2012-4957
Novell File Reporter <1.0.2 - Path Traversal
CVE-2012-5907
TomatoCart 1.2.0 Alpha 2 - Path Traversal via json.php Module Parameter
CVE-2012-5171
Be Graph BeZIP <3.10 - Path Traversal
CVE-2012-5687
TP-LINK TL-WR841N <3.13.9 - Path Traversal
CVE-2012-4940
Axigen Free Mail Server - Path Traversal
CVE-2012-4506
gitolite 3.x < 3.1 - Authenticated Path Traversal via Wildcard Repository Name
CVE-2012-5386
phpPaleo 4.8b180 - Remote File Inclusion via phppaleo4_lang Cookie
CVE-2012-5380
Ruby 1.9.3-p194 - Privilege Escalation
MEDIUM (CVSS 6.7)
CVE-2012-5344
IpTools 0.1.4 - Unauthenticated Path Traversal via HTTP Request
CVE-2012-5335
Tiny Server 1.1.5 - Authenticated Path Traversal via URI
CVE-2012-5331
asaanCart 0.9 - Path Traversal via Page Parameter
CVE-2012-1671
phppaleo < 4.8b155 - Path Traversal via Lang Parameter
CVE-2012-0987
ImpressCMS <1.2.7-1.3.1 - Path Traversal
CVE-2012-5051
VMware CapacityIQ <1.5 - Path Traversal
CVE-2012-1471
ocPortal < 7.1.6 - Path Traversal via Catalogue File Parameter
CVE-2012-0419
Novell GroupWise <8.0 SP3, <2012 SP1 - Path Traversal
CVE-2012-1617
OSClass < 2.3.6 - Path Traversal and Arbitrary File Write via Combine.php Type Parameter
CVE-2012-3324
IBM DB2 and DB2 Connect 10.1 - Authenticated Path Traversal via UTL_FILE Module
CVE-2012-3305
IBM WebSphere Application Server (WAS) - Path Traversal
CVE-2012-3011
Fultek WinTr Scada <4.0.5 - Path Traversal
CVE-2012-5100
HServer 0.1.1 - Path Traversal via Encoded Dot-Dot-Backslash Sequences
CVE-2012-4997
AneCMS - Path Traversal and Arbitrary File Execution via ACP p Parameter
Details
Vulnerabilities: 9,290
Exploit Likelihood: High