CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,292 vulnerabilities with CWE-22
CVE-2009-3123
visavi wap-motor < 18.0 - Path Traversal via Image Parameter
CVE-2009-3064
Rein Velt Vedit - Path Traversal
CVE-2009-3053
jvitals com_agora 3.0.0b - Path Traversal via Action Parameter
CVE-2009-2968
VMware Studio 2.0 public beta - Path Traversal and Arbitrary File Write via Web Interface
CVE-2009-2931
SlideShowPro Director 1.1-1.3.8 - Path Traversal via p.php a Parameter
CVE-2009-2925
DJCalendar - Path Traversal via TEMPLATE Parameter
CVE-2009-2923
BitmixSoft PHP-Lance 1.52 - Path Traversal via Language or Search Parameter
CVE-2009-2922
Pixaria Gallery 2.0.0-2.3.5 - Path Traversal via Base64-Encoded File Parameter
CVE-2009-1873
Adobe JRun Application Server 4 Updater 7 - Authenticated Path Traversal via Logfile Parameter
CVE-2009-2792
Really Simple CMS 0.3a - Path Traversal
CVE-2009-2787
Reputation plugin for PunBB <= 2.2.4 - Remote File Inclusion via pun_user[language] Parameter
CVE-2009-2784
dit.cms 1.3 - Path Traversal via Multiple Parameters
CVE-2009-2659
Django 0.96.0-0.96.3 and 1.0 - Path Traversal via Admin Media Handler
CVE-2009-2658
ZNC < 0.072 - Unauthenticated Path Traversal and Arbitrary File Write via DCC SEND Request
CVE-2009-2611
MyFusion 6 Beta - Path Traversal and Arbitrary File Execution via settings[locale] Parameter
CVE-2009-2600
Webboard 2.90 beta - Path Traversal
CVE-2009-2557
Admin News Tools 2.5 - Path Traversal
CVE-2009-2552
Super Simple Blog Script 2.5.4 - Path Traversal
CVE-2009-2546
Advanced Electron Forum (AEF) 1.x - Path Traversal
CVE-2009-2544
Marcelo Costa FileServer <1.0 - Path Traversal
CVE-2009-2047
Cisco CRS <7.0(1) SR2 - Path Traversal
CVE-2009-2449
ADbNewsSender <1.5.6 - Path Traversal
CVE-2009-2444
ADbNewsSender <1.5.6, 2.0-RC2 - Path Traversal
CVE-2009-2398
PHP-Sugar 0.80 - Path Traversal via t Parameter
CVE-2009-2397
Audio Article Directory - Path Traversal
Details
Vulnerabilities
9,292
Exploit Likelihood
High