CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2010-3103
FTPGetter <3.51.0.05 - Path Traversal
CVE-2010-3102
SiteDesigner Technologies, Inc. 3D-FTP Client <9.0.2 - Path Traversal
CVE-2010-3101
FTPx Corp FTP Explorer <10.5.19.1 - Path Traversal
CVE-2010-3100
Porta+ FTP Client <4.1 - Path Traversal
CVE-2010-3099
SmartSoft Ltd SmartFTP Client <4.0.1133 - Path Traversal
CVE-2010-3098
IoRush Software FTP Rush <1.1.3 - Path Traversal
CVE-2010-3097
WinFrigate Frigate 3 FTP client <3.36 - Path Traversal
CVE-2010-3096
SoftX FTP Client <3.3 - Path Traversal
CVE-2010-2861 CRITICAL KEV
Adobe ColdFusion <9.0.1 - Path Traversal
CVSS 9.8
CVE-2010-2786
Matomo 0.6-0.6.3 - Path Traversal via Data-Renderer Request
CVE-2010-2920
Joomla! com_foobla_suggestions 1.5.1.2 - Path Traversal
CVE-2010-1577
Cisco Internet Streamer <2.5.7 - Path Traversal
CVE-2010-2857
com_music - Path Traversal via Album CID Parameter
CVE-2010-2850
nubuilder <10.07.12 - Path Traversal
CVE-2010-2848
InterJoomla ArtForms <2.1b7.2 - Path Traversal
CVE-2010-2695
Xlight FTP Server <3.6 - Path Traversal
CVE-2010-2682
Realtyna Translator 1.0.15 - Path Traversal
CVE-2010-2680
Joomla! - Path Traversal
CVE-2010-2676
Open Web Analytics OWA <1.2.3 - Path Traversal
CVE-2010-2655
IBM Advanced Management Module < 2.48 - Authenticated Path Traversal via DIR Parameter
CVE-2010-2627
Battlefield 2 < 2.1.50 and Battlefield 2142 < 1.10.48.0 - Path Traversal via Logo and Map Download URLs
CVE-2010-2452
KVIrc 3.4 and 4.0 - Path Traversal via DCC Functionality
CVE-2010-2507
com_picasa2gallery < 1.2.8 - Path Traversal via Controller Parameter
CVE-2010-2502
Splunk 4.0-4.0.10 and 4.1-4.1.1 - Path Traversal and Arbitrary File Read/Write
CVE-2010-2456
linker_img < 1.0 - Path Traversal via cook_lan Cookie Parameter