CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2010-2426: Titan FTP Server < 8.10.1125 - Authenticated Path Traversal via XCRC Command
CVE-2010-2425: Titan FTP Server < 8.10.1125 - Authenticated Path Traversal via COMB Command
CVE-2010-2334: Yamamah Photo Gallery 1.00 - Path Traversal via Download Parameter
CVE-2010-2322: FastJar 0.98 - Path Traversal via Absolute Path in JAR Archive
CVE-2010-0831: FastJar 0.98 - Path Traversal via Non-Initial Pathname Component in JAR Archive
CVE-2010-0284: Novell Access Manager - Path Traversal and Arbitrary File Write via PortalModuleInstallManager getEntry Method
CVE-2010-2313: Anodyne Productions SIMM Management System 2.6.10 - Path Traversal via Page Parameter
CVE-2010-1374: Apple Mac OS X <10.6.4 - Path Traversal
CVE-2010-2307: Motorola SURFBoard SBV6120E - Directory Traversal via URL Request
CVE-2010-2269: Accoria Rock Web Server 1.4.7 - Path Traversal via loadstatic.cgi name Parameter
CVE-2010-2266: nginx 0.7.52-0.7.67 - Denial of Service via Encoded Directory Traversal Sequence
CVE-2010-1391: Apple Safari <5.0-4.1 - Path Traversal
CVE-2010-1571: Cisco UCCX <7.0(1)SR4-5.0(2)SR3 - Path Traversal
CVE-2010-2259: com_bfsurvey_profree - Path Traversal via Controller Parameter
CVE-2010-1848: MySQL 5.0-5.0.91 and 5.1 < 5.1.47 - Authenticated Path Traversal via Table Name
CVE-2010-2143: Symphony CMS 2.0.7 - Path Traversal via Mode Parameter
CVE-2010-2138: ProMan < 0.1.1 - Remote File Inclusion via _SESSION[userLang] Parameter
CVE-2010-2136: Article Friendly - Path Traversal via admin/index.php filename Parameter
CVE-2010-2129: Harmistechnology Com Jeajaxeventcalendar - Path Traversal
CVE-2010-2128: JE Quotation Form (com_jequoteform) 1.0b1 - Path Traversal via View Parameter
CVE-2010-2122: com_simpledownload < 0.9.6 - Path Traversal via Controller Parameter
CVE-2010-2112: FileCOPA < 5.03 - Path Traversal and Arbitrary File Write via FTP Service
CVE-2010-2104: Orbit Downloader 3.0.0.4 and 3.0.0.5 - Path Traversal and Arbitrary File Write via Metalink File Element
CVE-2010-2096: CMSQlite <= 1.2 - Path Traversal via mod Parameter
CVE-2010-2050: com_mscomment 0.8.0b - Path Traversal via Controller Parameter