CWE-22
High likelihood
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,290 vulnerabilities with CWE-22
CVE-2011-1586
KDE SC < 4.6.2 - Path Traversal via Metalink File Name Attribute
CVE-2011-1688
Best Practical Solutions RT <4.0.0rc - Path Traversal
CVE-2011-1715
qooxdoo 1.3 - Path Traversal via Delay.php File Parameter
CVE-2011-1654
CA Total Defense <r12 - Path Traversal
CVE-2011-1669
WP Custom Pages <0.5.0.1 - Path Traversal
CVE-2011-1566
7-Technologies IGSS <9.00.00.11059 - Path Traversal
CVE-2011-1565
7-Technologies IGSS <9.00.00.11063 - Path Traversal
CVE-2011-0751
nostromo < 1.9.4 - Remote Code Execution and Arbitrary File Read via Encoded Dot-Dot-Slash
CVE-2011-0063
Majordomo <20110203 - Path Traversal
CVE-2011-1099
FocalMedia.Net Quick Polls < 1.0.1 - Path Traversal and Arbitrary File Deletion via p Parameter
CVE-2011-0345
Alcatel-Lucent OmniVista < 4760_r5.1.06.03 - Path Traversal via Lang Variable
CVE-2011-0725
Aptdaemon 0.40 - Path Traversal via UpdateCachePartially Method
CVE-2011-0329
DellSystemLite.Scanner ActiveX Control - Directory Traversal via GetData Method FileID Parameter
CVE-2011-0698
Django 1.1-1.1.4 and 1.2-1.2.5 - Directory Traversal via Session Cookie Key
CVE-2011-0903
AR Web Content Manager 2.2 - Path Traversal via awcm_theme or awcm_lang Cookie
CVE-2011-0537
MediaWiki < 1.16.2 - Remote Code Execution via Language File Path Traversal
CVE-2011-0049
Majordomo <20110131 - Path Traversal
CVE-2011-0518
LotusCMS Fraise 3.0 - Path Traversal and Arbitrary Local File Inclusion via System Parameter
CVE-2011-0506
Tsixm Axdcms - Path Traversal
CVE-2011-0505
Zwii 2.1.1 - Remote File Inclusion via set[template][value] Parameter
CVE-2011-0497
Sybase EAServer < 6.3 ESD#2 - Path Traversal via Dot Dot Forward-Slash Backslash Sequences
CVE-2011-0494
IBM Tivoli Access Manager for e-business 5.1-6.1.1 - Path Traversal in WebSEAL
CVE-2011-0405
phpgedview 4.2.3 - Path Traversal via pgvaction Parameter
CVE-2010-20109
HIGH
Barracuda <October 2010 - Path Traversal
CVE-2010-10012
HIGH
httpdasm 0.92 - Unauthenticated Path Traversal via URL-Encoded Backslashes
Details
Vulnerabilities: 9,290
Exploit Likelihood: High