CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2012-2435
Pligg CMS - Authenticated Path Traversal and Arbitrary File Execution via Captcha Parameter
CVE-2012-0294
Symantec Endpoint Protection <12.1 - Path Traversal
CVE-2012-2919
Chevereto 1.9.1 - Path Traversal via Upload Engine v Parameter
CVE-2012-2421
Intuit QuickBooks <2012 - Path Traversal
CVE-2012-2215
Novell ZENworks Configuration Management 11.1-11.1a - Unauthenticated Path Traversal via Preboot Service Opcode 0x21
CVE-2012-0246
Ecava IntegraXor < 3.71.4200 - Remote Code Execution via ActiveX Control
CVE-2012-1918
AtMail Open-Source < 1.04 - Path Traversal via Attachment Parameter
CVE-2012-1917
AtMail Open-Source < 1.04 - Path Traversal via Unique Parameter
CVE-2012-1089
Apache Wicket <1.4.20, <1.5.5 - Path Traversal
CVE-2012-1841
Quantum Scalar i500 Firmware < i7.0.3 - Path Traversal via logShow.htm file Parameter
CVE-2012-1839
AjaXplorer 3.2.x < 3.2.5 and 4.0.x < 4.0.4 - Path Traversal and Arbitrary File Execution
CVE-2012-0403
EMC RSA enVision <4.1 - Path Traversal
CVE-2012-1790
webgrind 1.0 and 1.0.2 - Path Traversal via File Parameter
CVE-2012-0232
GE Intelligent Platforms Proficy Real-Time Information Portal 2.6-3.5 - Path Traversal via Remote Interface Service
CVE-2012-1497
Movable Type < 4.38, 5.0x < 5.07, 5.1x < 5.13 - Authenticated Path Traversal via mt:Include file Attribute
CVE-2012-0365
Cisco Small Business SRP520 and SRP540 Series Firmware - Authenticated Path Traversal via Local TFTP File Upload
CVE-2012-1207
Fork CMS < 3.2.5 - Path Traversal via Module Parameter
CVE-2012-0998
LEPTON < 1.1.4 - Remote File Inclusion via Language Parameter Path Traversal
CVE-2012-0996
11in1 1.2.1 - Path Traversal via Class Parameter
CVE-2012-1289
SAP NetWeaver 7.0 - Authenticated Path Traversal via Logfilename Parameter
CVE-2012-1226
Dolibarr CMS 3.2.0 Alpha - Path Traversal & Arbitrary File Read via Document.php or Backtopage Parameter
CVE-2012-1221
RabidHamster R2/Extreme - Unauthenticated Path Traversal via Telnet File Command
CVE-2012-1196
Lenovo ThinkManagement Console 9.0.3 - Path Traversal and Arbitrary File Deletion via VulCore Web Service
CVE-2012-1050
mathopd 1.4.x-1.5.x < 1.5p7 - Path Traversal via Host Header
CVE-2012-1047
Cyberoam Central Console <2.00.2 - Path Traversal
Details
Vulnerabilities: 9,290
Exploit Likelihood: High