CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2011-3495: Measuresoft ScadaPro <4.0.0 - Path Traversal
CVE-2011-3487: Carel PlantVisor <2.4.4 - Path Traversal
CVE-2011-1359: IBM WebSphere Application Server <6.1.0.41-8.0.0.1 - Path Traversal
CVE-2011-2524: libsoup < 2.35.4 - Path Traversal via Encoded Dot-Dot in URI
CVE-2011-2718: phpMyAdmin 3.4.x < 3.4.3.2 - Authenticated Path Traversal via Export Type Field
CVE-2011-2643: phpMyAdmin 3.4.x < 3.4.3.2 - Remote File Inclusion via MIME-Type Transformation Parameter
CVE-2011-2780: Chyrp < 2.0 - Path Traversal via File Parameter in gz.php
CVE-2011-2744: Chyrp < 2.1 - Remote File Inclusion via Action Parameter
CVE-2011-2757: ManageEngine ServiceDesk Plus <= 8.0.0.12 - Path Traversal via FileDownload.jsp FILENAME Parameter
CVE-2011-2755: ManageEngine ServiceDesk Plus 8.0 - Path Traversal via FileDownload.jsp
CVE-2011-2508: phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Authenticated Path Traversal via MIME Transformation Parameter
CVE-2011-0203: Apple Mac OS X <10.6.8 - Path Traversal
CVE-2011-2474: Sybase EAServer 6.3.1 Developer Edition - Path Traversal via HTTP Server
CVE-2011-2472: OProfile < 0.9.6 - Path Traversal via --save Argument
CVE-2011-2468: AnyMacro Mail System G4X - Path Traversal via Web Interface
CVE-2011-2167: Dovecot 2.0.x <2.0.13 - Path Traversal
CVE-2011-1595: rdesktop < 1.7.0 - Path Traversal via Disk Redirection
CVE-2011-0966: CiscoWorks Common Services < 3.3 - Unauthenticated Path Traversal via Audit Log File Parameter
CVE-2011-0426: VMware vCenter 4.0-4.1 and VirtualCenter 2.5 - Path Traversal
CVE-2011-1736: HP OpenView Storage Data Protector <6.11 - Path Traversal
CVE-2011-0071: Mozilla Firefox < 3.5.19 and 3.6.x < 3.6.17 - Directory Traversal via Resource URL
CVE-2011-1902: Proofpoint Messaging Security Gateway < 6.2.0.263 and Protection Server 5.5.3-6.2.0 - Path Traversal
CVE-2011-1900: InduSoft Web Studio <7.0+Patch 1 - Path Traversal
CVE-2011-1607: Cisco Unified Communications Manager <6.1.5su3-8.5.1 - Path Traversal
CVE-2011-1589: Mojolicious < 1.16 - Path Traversal via Encoded Slash Dot Dot Slash