CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2011-4807
phpalbum < 0.4.1.16 - Path Traversal via var1 Parameter
CVE-2011-4804
com_obsuggest < 1.8 - Path Traversal via Controller Parameter
CVE-2011-4800
Serv-U File Server < 11.1.0.5 - Authenticated Path Traversal via Dot-Dot-Colon-Slash Sequence
CVE-2011-4716
DreamBox DM800 Firmware < 1.6 - Path Traversal via File Parameter
CVE-2011-4715
Koha < 3.4.7 and 3.6 < 3.6.1 and LibLime Koha < 4.2 - Path Traversal via KohaOpacLanguage Cookie
CVE-2011-4714
Virtual Vertex Muster < 6.1.2 - Path Traversal via Backslash Dot Dot in URL
CVE-2011-4713
osCSS2 <= 2.1.0 - Path Traversal via _ID Parameter
CVE-2011-4712
Oxide WebServer - Unauthenticated Path Traversal via Dot Dot Backslash
CVE-2011-4711
namazu < 2.0.16 - Path Traversal via lang or result Parameter
CVE-2011-2653
Novell ZENworks Asset Management 7.5 - Remote Code Execution via rtrlet Directory Traversal
CVE-2011-4675
Widelands < 15.1 - Path Traversal and Arbitrary File Write via Tilde Expansion
CVE-2011-4543
osCommerce 3.0.2 - Path Traversal and Arbitrary File Execution via Multiple Parameters
CVE-2011-1932
Widelands < 15.1 - Path Traversal via Dot Character in Internet Game File Transfer
CVE-2011-4036
Schneider Electric Vijeo Historian < 4.30 - Path Traversal
CVE-2011-4001
HP no Mawashimono Nikki < 6.6 - Path Traversal
CVE-2011-4122
OpenPAM < r478 - Privilege Escalation
CVE-2011-4431
Merethis Centreon < 2.3.2 - Authenticated Path Traversal via Command Name Parameter
CVE-2011-3171
pure-ftpd < 1.0.22 - Local Path Traversal and Arbitrary File Overwrite
CVE-2011-3315
Cisco Unified Communications Manager 5.x-8.x - Path Traversal via Crafted URL
CVE-2011-3848
Puppet <2.6.10-2.7.4 - Path Traversal
CVE-2011-3229
Apple Safari - Remote JavaScript Execution via Crafted safari-extension: URL
CVE-2011-3305
Cisco NAC Manager 4.8.x - Path Traversal via TCP Port 443
CVE-2011-1572
gitolite < 1.5.9 - Remote Command Execution via Admin Defined Commands Path Traversal
CVE-2011-3357
MantisBT < 1.2.8 - Remote File Inclusion via Action Parameter
CVE-2011-3500
Cogent DataHub < 7.1.1.63 - Path Traversal
Details
Vulnerabilities: 9,290
Exploit Likelihood: High