CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22

CVE-2010-3930: MODx Evolution < 1.0.4 - Path Traversal via AjaxSearch
CVE-2010-4719: com_jradio < 1.5.0 - Path Traversal via Controller Parameter
CVE-2010-4715: Novell GroupWise < 8.02HP - Path Traversal
CVE-2010-3689: Apache OpenOffice 3.0.0-3.2.1 - Privilege Escalation via LD_LIBRARY_PATH Manipulation
CVE-2010-3450: OpenOffice.org 2.x-3.3 - Path Traversal
CVE-2010-1679: dpkg < 1.14.31 - Directory Traversal via Source-Format 3.0 Patch
CVE-2010-4350: MantisBT < 1.2.4 - Remote Code Execution via db_type Parameter in admin/upgrade_unattended.php
CVE-2010-4634: osTicket 1.6 - Path Traversal via File Parameter to module.php
CVE-2010-4622: IBM Tivoli Access Manager for e-business 6.1.1 - Path Traversal via Encoded Dot Dot in URI
CVE-2010-4617: JotLoader 2.2.1 - Path Traversal via Section Parameter
CVE-2010-4613: Hycus CMS 1.0.3 - Path Traversal via Site Parameter
CVE-2010-4598: Ecava IntegraXor < 3.6.4000.0 - Path Traversal via File Name Parameter
CVE-2010-4330: Pulse CMS < 1.2.9 - Remote File Inclusion via Path Traversal in p Parameter
CVE-2010-4406: Brunetton LittlePhpGallery 1.0.2 - Path Traversal via Repertoire Parameter
CVE-2010-4399: DynPG CMS 4.1.1 and 4.2.0 - Path Traversal via CHG_DYNPG_SET_LANGUAGE Parameter
CVE-2010-4282: Pandora FMS < 3.1 - Remote File Inclusion and Arbitrary File Manipulation via Page Parameter
CVE-2010-4369: AWStats < 7.0 - Path Traversal via LoadPlugin Directory
CVE-2010-3910: vtiger CRM < 5.2.1 - Remote File Inclusion via Language Parameter Traversal
CVE-2010-4107: HP 9000 - Path Traversal
CVE-2010-4270: nBill (com_netinvoice) < 1.2_10, < 2.0.9, < 2.0.10 - Path Traversal via Directory Traversal Sequences
CVE-2010-4231: Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Path Traversal via URI
CVE-2010-1829: Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Authenticated Path Traversal in AFP Server
CVE-2010-3867: ProFTPD < 1.3.3c - Authenticated Path Traversal via SITE MKDIR/RMDIR/SYMLINK/UTIME Commands
CVE-2010-3863: Apache Shiro < 1.1.0 and JSecurity 0.9.x - Path Traversal via URI Path Bypass
CVE-2010-4181: Yaws 1.89 - Path Traversal via Dot Dot Backslash Sequences