CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2011-4640
SpamTitan WebTitan < 3.50 - Authenticated Path Traversal via logs-x.php fname Parameter
CVE-2011-4450
WikkaWiki 1.3.1 and 1.3.2 - Path Traversal via File Parameter
CVE-2011-4948
EGroupware < 1.8.001.20110805 and EGroupware Enterprise Line < 11.1.20110804-1 - Path Traversal via Type Parameter
CVE-2011-5141
Open Business Management < 2.4.0 - Authenticated Path Traversal via Module Parameter
CVE-2011-5127
Blue Coat Reporter 9.x < 9.2.4.13, 9.2.5.x < 9.2.5.1, 9.3 < 9.3.1.2 - Path Traversal
CVE-2011-2657
Novell ZENworks Configuration Management 10.2-11 SP1 - Remote Code Execution via LaunchHelp ActiveX Path Traversal
CVE-2011-4880
atvise webMI2ADS < 2.0.2 - Path Traversal via Crafted HTTP Request
CVE-2011-4878
Siemens WinCC flexible - Directory Traversal via URI
CVE-2011-4876
Siemens WinCC flexible 2004-2008 - Path Traversal and Arbitrary File Manipulation via HmiLoad Runtime Loader
CVE-2011-4135
Flexera FlexNet Publisher <11.10 - Path Traversal
CVE-2011-1389
IBM Rational License Key Server <8.1.2 - RCE
CVE-2011-4788
HP StorageWorks P2000 G3 MSA Array Systems - Unauthenticated Path Traversal via URI
CVE-2011-4532
Siemens Automation License Manager < 5.1 - Unauthenticated Arbitrary File Write
CVE-2011-4643
Splunk 4.x < 4.2.5 - Authenticated Path Traversal via URI
CVE-2011-5028
Novell Sentinel Log Manager < 1.2.0.1_938 - Authenticated Path Traversal via FileDownload Filename Parameter
CVE-2011-4168
HP Managed Printing Administration <2.6.4 - Path Traversal
CVE-2011-4166
HP Managed Printing Administration <2.6.4 - Path Traversal
CVE-2011-3837
Wuzly 2.0 - Path Traversal via Preview Parameter
CVE-2011-4596
OpenStack Nova < 2011.3.1 - Authenticated Path Traversal via S3/RegisterImage Tarball or Manifest
CVE-2011-4717
zFTPServer Suite 6.0.0.52 - Authenticated Path Traversal via RMD Command
CVE-2011-4835
HomeSeer HS2 2.5.0.20 - Path Traversal
CVE-2011-4832
CaupoShop Pro < 3.70 and Classic 3.01 - Path Traversal via Template Parameter
CVE-2011-4831
Web File Browser 0.4b14 - Authenticated Path Traversal via File Parameter
CVE-2011-4813
WHMCompleteSolution 3.x.x - Path Traversal via clientarea.php templatefile Parameter
CVE-2011-4810
WHMCompleteSolution 3.x-4.x - Unauthenticated Path Traversal via Template File Parameter
Details
Vulnerabilities: 9,290
Exploit Likelihood: High