CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,291 vulnerabilities with CWE-22
CVE-2010-0953: phpCOIN 1.2.1 - Path Traversal via mod Parameter
CVE-2010-0926: Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
CVE-2010-0944: JCollection (com_jcollection) for Joomla! - Path Traversal via Controller Parameter
CVE-2010-0943: Joomla! JA Showcase (com_jashowcase) - Path Traversal via Controller Parameter
CVE-2010-0942: jVideoDirect (com_jvideodirect) - Path Traversal via Controller Parameter
CVE-2010-0933: Perforce Server 2008.1 - Path Traversal
CVE-2010-0801: AutartiTarot (com_autartitarot) 1.0.3 - Path Traversal
CVE-2010-0799: phpunity.newsmanager - Path Traversal
CVE-2010-0760: Core Design Scriptegrator <1.4.1 - Path Traversal
CVE-2010-0759: Core Design Scriptegrator <1.4.1 - Path Traversal
CVE-2010-0620: EMC HomeBase Server 6.2.x < 6.2.3 and 6.3.x < 6.3.2 - Path Traversal and Arbitrary File Write
CVE-2010-0146: Cisco Security Agent Management Center 6.0 - Authenticated Path Traversal
CVE-2010-0696: JoomlaWorks AllVideos <3.2 - Path Traversal
CVE-2010-0680: ZeusCMS 0.2 - Path Traversal via Page Parameter
CVE-2010-0676: weberr com_rwcards 3.0.18 - Path Traversal via Controller Parameter
CVE-2010-0287: DokuWiki < 2009-12-25b - Directory Traversal via ACL Manager ns Parameter
CVE-2010-0613: ARWScripts Fonts Script - Path Traversal via Base64-Encoded f Parameter
CVE-2010-0467 (MEDIUM, CVSS 5.8): com_ccnewsletter 1.0.5 - Path Traversal via Controller Parameter
CVE-2010-0350: goof_fotoboek < 1.7.14 - Path Traversal
CVE-2010-0348: WebCalenderC3 <= 0.32 - Path Traversal
CVE-2010-0013 (HIGH, CVSS 7.5): Adium and Pidgin - Path Traversal via MSN Emoticon Request
CVE-2010-0012 (HIGH, CVSS 8.8): Transmission 1.22, 1.34, 1.75, 1.76 - Path Traversal via .torrent File
CVE-2010-0157: JoomlaBibleStudy com_biblestudy 6.1 - Path Traversal via Controller Parameter
CVE-2009-3721 (HIGH, CVSS 7.8): Evolution - Path Traversal and Buffer Overflow via TNEF Attachment Decoding
CVE-2009-3887 (CRITICAL, CVSS 9.8): ytnef - Path Traversal