CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,291 vulnerabilities with CWE-22
CVE-2010-0501
Apple Mac OS X Server < 10.6.3 - Authenticated Path Traversal via FTP Server
CVE-2010-0533
Apple Mac OS X < 10.6.3 - Directory Traversal in AFP Server
CVE-2010-0989
Pulse CMS < 1.2.3 - Authenticated Path Traversal via Delete.php f Parameter
CVE-2010-1115
Web Server Creator - Web Portal 0.1 - Path Traversal
CVE-2010-1110
phpMySport 1.4 - Path Traversal via Current Folder Parameter
CVE-2010-1082
OI.Blogs 1.0.0 - Path Traversal via Theme or Scripts Parameter
CVE-2010-1081
com_communitypolls < 1.5.2 - Path Traversal via Controller Parameter
CVE-2010-1077
Crawlability vBSEO < 3.1.0 - Path Traversal
CVE-2010-1063
Phpkobo Free Real Estate Contact Form 1.09 - Path Traversal
CVE-2010-1062
Phpkobo Free Real Estate Contact Form 1.09 - Path Traversal
CVE-2010-1061
Phpkobo Short URL 1.01 - Path Traversal
CVE-2010-1060
Phpkobo Short URL 1.01 - Path Traversal
CVE-2010-1059
Phpkobo Address Book Script < 1.09 - Path Traversal
CVE-2010-1058
Phpkobo Address Book Script < 1.09 - Path Traversal
CVE-2010-1057
Phpkobo AdFreely < 1.01 - Path Traversal
CVE-2010-1056
RokDownloads < 1.0.1 - Unauthenticated Path Traversal via Controller Parameter
CVE-2010-1043
jaxCMS 1.0 - Path Traversal and Arbitrary File Execution via 'p' Parameter
CVE-2010-1003
eFront 3.5.x-3.5.5 - Path Traversal via Language Parameter
CVE-2010-0985
Joomla! com_abbrev 1.1 - Path Traversal
CVE-2010-0982
CARTwebERP < 1.56.75 - Path Traversal
CVE-2010-0972
Joomla! com_gcalendar 2.1.5 - Path Traversal
CVE-2010-0967
Geekhelps ADMP 1.01 - Path Traversal
CVE-2010-0396
dpkg < 1.14.29 - Path Traversal via Crafted Debian Source Archive
CVE-2010-0958
Tribisur < 2.1 - Remote File Inclusion via Theme Parameter
CVE-2010-0957
Saskia's Shopsystem < beta1 - Path Traversal