CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,292 vulnerabilities with CWE-22
CVE-2009-3792
Adobe Flash Media Server < 3.5.3 - Arbitrary DLL Loading via Path Traversal
CVE-2009-4315
Nuggetz CMS 1.0 - Path Traversal and Arbitrary File Write via nugget Parameter
CVE-2009-4231
SweetRice < 0.5.3 - Remote File Inclusion via Plugin Parameter
CVE-2009-4216
Klinza Professional CMS <5.0.1 - Path Traversal
CVE-2009-4205
Flashlight Free Edition - Path Traversal
CVE-2009-4202
Omilen Photo Gallery <Beta 0.5 - Path Traversal
CVE-2009-4194 HIGH
Golden FTP Server <4.50 - Path Traversal
CVSS 8.1
CVE-2009-4192
Interspire Knowledge Manager 5 - Path Traversal
CVE-2009-4154
Elxis CMS - Path Traversal via Feed Creator Filename Parameter
CVE-2009-4116
CutePHP CuteNews <1.4.6 - Path Traversal
CVE-2009-4088
telepark.wiki <2.4.23 - Path Traversal
CVE-2009-3898
nginx <0.7.63, <0.8.17 - Path Traversal
CVE-2009-4056
Betsy CMS 3.5 - Path Traversal via Admin Popup Parameter
CVE-2009-4053 MEDIUM
Home FTP Server 1.10.1.139 - Path Traversal
CVSS 6.5
CVE-2009-4050
phpMyBackupPro 2.1 - Path Traversal
CVE-2009-3728
SUN Jre - Path Traversal
CVE-2009-3912
TFTgallery 0.13 - Path Traversal via Album Parameter
CVE-2009-3902
Cherokee Web Server <0.5.4 - Path Traversal
CVE-2009-3733
VMware ESX 3.0.3 and 3.5 and ESXi 3.5 - Path Traversal
CVE-2009-3825
GenCMS 2006 - Path Traversal via 'p' Parameter in show.php and 'Template' Parameter in admin/pages/SiteNew.php
CVE-2009-3824
Greenwood PHP Content Manager 0.3.2 - Path Traversal via Content Path Parameter
CVE-2009-3823
Mobilelib GOLD 3.0 - Path Traversal via GLOBALS[page] Parameter
CVE-2009-3787
Vivvo CMS 4.1.5.1 - Path Traversal via File Parameter
CVE-2009-3625
Sahana 0.6.2.2 - Path Traversal via Mod Parameter
CVE-2009-1479
Boxalino - Path Traversal via URL Parameter
Details
Vulnerabilities 9,292
Exploit Likelihood High