CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2010-10011 MEDIUM
Acritum Femitter Server 1.04 - Path Traversal
CVSS 4.3
CVE-2010-5335 HIGH
IceWarp Webclient <10.2.1 - Path Traversal
CVSS 7.5
CVE-2010-5334 HIGH
IceWarp Webclient <10.2.1 - Path Traversal
CVSS 7.5
CVE-2010-5324
Novell ZENworks Configuration Management (ZCM) <10.3 - Path Traversal
CVE-2010-5323
Novell ZENworks <10.3 - Path Traversal
CVE-2010-0746
Fedora 11 and 12 - Local Privilege Escalation via DeviceKit-disks Label Path Traversal
CVE-2010-5286
Joomla! Jstore Component - Path Traversal via Controller Parameter
CVE-2010-5281
CMScout IBrowser TinyMCE Plugin <1.4.1 - Path Traversal
CVE-2010-5280
Joomla! com_cbe <1.4.10 - Path Traversal
CVE-2010-5278
MODx Revolution <2.0.2-pl - Path Traversal
CVE-2010-5102
TYPO3 <4.2.16-4.4.5 - Path Traversal
CVE-2010-5101
TYPO3 <4.2.16-4.4.5 - Path Traversal
CVE-2010-5086
bitweaver 2.7 and 2.8.1 - Path Traversal via Style Parameter
CVE-2010-4931
php-fusion - Path Traversal via folder_level Parameter
CVE-2010-4867
W-Agora < 4.2.1 - Path Traversal via Search Parameter
CVE-2010-4858
DNET Live-Stats <0.8 - Path Traversal
CVE-2010-4835
OneOrZero AIMS 2.6.0 - Path Traversal
CVE-2010-4801
baconmap 1.0 - Path Traversal via filepath Parameter
CVE-2010-4798
OrangeHRM 2.6.0.1 - Path Traversal via URI Parameter
CVE-2010-4790
FilterFTP 2.0.3 and 2.0.5 - Path Traversal via Dot Dot Backslash in Filename
CVE-2010-4229
Novell ZENworks Configuration Management 10.3-11 - Path Traversal and Arbitrary File Write via Inventory Upload
CVE-2010-4769
Joomla! com_jimtawl 1.0.2 - Path Traversal
CVE-2010-4651
GNU patch < 2.6.1 - Path Traversal via Filename with Dot-Dot Sequences
CVE-2010-4731
WebSCADA WS100/WS200 - Path Traversal
CVE-2010-4730
WebSCADA WS100/WS200 - Path Traversal