CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,292 vulnerabilities with CWE-22
CVE-2009-1737
MyPic 2.1 - Path Traversal via Dir Parameter
CVE-2009-1730
NetMechanica NetDecision TFTP Server 4.2 - Path Traversal and Arbitrary File Write via GET or PUT Command
CVE-2009-1678
bitweaver < 2.6 - Path Traversal and Arbitrary File Write via Version Parameter
CVE-2009-1653
TinyButStrong 3.4.0 - Path Traversal via Script Parameter
CVE-2009-1649
beLive 0.2.3 - Path Traversal via arch Parameter
CVE-2009-1625
Thickbox Gallery 2 - Path Traversal via ln Parameter
CVE-2009-1624
Dew-NewPHPLinks 2.0 - Path Traversal via Show Parameter
CVE-2009-1621
OpenCart 1.1.8 - Path Traversal via Route Parameter
CVE-2009-1559
Cisco WVC54GCA - Path Traversal via this_file Parameter
CVE-2009-1558
Cisco WVC54GCA - Path Traversal via next_file Parameter
CVE-2009-1523
Jetty 5.1.14 6.x < 6.1.17 and 7.x <= 7.0.0.M2 - Path Traversal via URI
CVE-2009-1519
Pecio CMS 1.1.5 - Path Traversal via Language Parameter
CVE-2009-1510
KoschtIT Image Gallery 1.82 - Path Traversal via File Parameter
CVE-2009-1502
S-Cms 1.1 Stable and 1.5.2 - Path Traversal via Page Parameter
CVE-2009-1498
idb 0.2.5 Pre-Alpha SVN 243 - Path Traversal via Skin Parameter
CVE-2009-1496
Ijobid Com Cmimarketplace - Path Traversal
CVE-2009-1488
FunGamez RC1 - Remote File Inclusion via Module Parameter Path Traversal
CVE-2009-1486
Flatchat 3.0 - Path Traversal via pmscript.php with Parameter
CVE-2009-1456
Malleo 1.2.3 - Authenticated Path Traversal via Module Parameter
CVE-2009-1445
WebPortal CMS 0.8-beta - Path Traversal and Arbitrary File Read via lang Parameter
CVE-2009-1407
NotFTP 1.3.1 - Path Traversal via Languages Parameter
CVE-2009-1406
TotalCalendar 2.4 - Path Traversal via Include Parameter
CVE-2009-1405
PastelCMS 0.8.0 - Path Traversal via set_lng Parameter
CVE-2009-1368
moziloCMS 1.11 - Path Traversal via Page Parameter
CVE-2009-1354
Mongoose 2.4 - Path Traversal via URI
Details
Vulnerabilities
9,292
Exploit Likelihood
High