CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2012-4878
FlatnuX CMS 2011 08.09.2 - Path Traversal
CVE-2012-1467
Open Journal Systems < 2.3.6 - Authenticated Path Traversal via iBrowser Plugin rfiles.php param Parameter
CVE-2012-1112
Open-Realty CMS <2.5.8 - Path Traversal
CVE-2012-4867
vtiger CRM 5.1.0 - Path Traversal via module_name Parameter
CVE-2012-3380
Naxsi < 0.46 - Local Path Traversal via nx_extract.py
CVE-2012-4680
IOServer <1.0.19.0 - Path Traversal
CVE-2012-2227
PluXml < 5.1.5 - Path Traversal via default_lang Parameter
CVE-2012-4596
McAfee Email Gateway <7.0.1 - Path Traversal
CVE-2012-4356
Winlog Pro < 2.07.17 - Unauthenticated Path Traversal via TCP Port 46824 File Operations
CVE-2012-2208
Piwigo < 2.3.3 - Remote File Inclusion via Upgrade Language Parameter
CVE-2012-4253
mysqldumper 1.24.4 - Path Traversal via Language Parameter
CVE-2012-2968
Caucho Quercus <4.0.29 - Path Traversal
CVE-2012-3865
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Authenticated Arbitrary File Deletion via Node Name Path Traversal
CVE-2012-2202
IBM Lotus Protector for Mail Security 2.1/2.5/2.5.1/2.8 - Authenticated Path Traversal
CVE-2012-2194
IBM DB2 9.1-10.1 - Path Traversal via SQLJ.DB2_INSTALL_JAR Stored Procedure
CVE-2012-3360
OpenStack Compute (Nova) Essex and Folsom - Authenticated Path Traversal via Disk Image File Path Attribute
CVE-2012-2139
Mail gem < 2.4.4 - Path Traversal via File Delivery To Parameter
CVE-2012-4031
Wangkongbao CNS-1000 and 1100 - Path Traversal via Lang or Langid Cookie
CVE-2012-4027
Tridium Niagara AX Framework - Path Traversal via Incorrect Folder Permissions
CVE-2012-0410
Novell GroupWise <8.03 - Path Traversal
CVE-2012-2560
WellinTech KingView 6.53 - Path Traversal
CVE-2012-2181
IBM WebSphere Portal 7.0.0.1-7.0.0.2 and 8.0 - Path Traversal via Dojo Module
CVE-2012-0186
IBM Lotus Expeditor 6.1.x and 6.2.x - Path Traversal via Eclipse Help Component
CVE-2012-3588
Plugin Newsletter plugin 1.5 - Path Traversal via Data Parameter
CVE-2012-2597
Siemens WinCC 7.0 SP3 - Path Traversal
Details
Vulnerabilities: 9,290
Exploit Likelihood: High