CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,292 vulnerabilities with CWE-22
CVE-2009-1319
GuestCal 2.1 - Remote File Inclusion via Lang Parameter Path Traversal
CVE-2009-1318
Jamroom 3.1.2 3.2.3-3.2.6 4.0.2 - Remote File Inclusion via Directory Traversal in t Parameter
CVE-2009-1246
Blogplus 1.0 - Path Traversal and Arbitrary File Execution via Multiple Parameters
CVE-2009-1222
webEdition <= 6.0.0.4 - Remote File Inclusion via WE_LANGUAGE Parameter
CVE-2009-0841
MapServer 4.x < 4.10.4 and 5.x < 5.2.2 - Path Traversal via id Parameter
CVE-2009-1148
phpMyAdmin < 3.1.3.1 - Path Traversal via BLOB Streaming File Path Parameter
CVE-2009-1090
rapidleech < rev.36 - Remote Code Execution via Directory Traversal in upload.php
CVE-2009-1089
rapidleech < rev36 - Unauthenticated Path Traversal via Base64-Encoded Filename Parameter
CVE-2009-1031
Serv-U File Server 7.0.0.1-7.4.0.1 - Unauthenticated Directory Traversal via FTP MKD Command
CVE-2009-0932
Horde < 3.2.4 and 3.3.3 and Horde Groupware < 1.1.5 - Remote Code Execution via Image Driver Path Traversal
CVE-2009-0929
Nucleus CMS - Path Traversal via Media Manager
CVE-2009-0886
oneorzero_helpdesk <= 1.6.5.7 - Path Traversal via Default Language Parameter
CVE-2009-0880
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
CVE-2009-0865
GeoVision LiveX ActiveX Control 8.1.2 and 8.2.0 - Path Traversal via SnapShotToFile Method
CVE-2009-0766
Kipper 2.01 - Path Traversal and Arbitrary File Execution via Configfile Parameter
CVE-2009-0765
Kipper 2.01 - Path Traversal via Configfile Parameter
CVE-2009-0753
mldonkey 2.8.4-2.9.7 - Path Traversal via Leading Double Slash
CVE-2009-0615
Cisco ANM <2.0 & ACE DM <A3(2.1) - Path Traversal
CVE-2009-0735
Papoo CMS 3.6 - Path Traversal via pfadhier Parameter
CVE-2009-0731
Free Arcade Script 1.0 - Path Traversal
CVE-2009-0729
Page Engine CMS 2.0 - Path Traversal
CVE-2009-0722
Potato News 1.0.0 - Unauthenticated Path Traversal via User Cookie Parameter
CVE-2009-0680
Netgear SSL312 - Denial of Service via Crafted Query String
CVE-2009-0640
Swann DVR4-SecuraNet - Path Traversal
CVE-2009-0645
Jaws 0.8.8 - Authenticated Path Traversal via Language, Introduction_complete, or use_log Parameters
Details
Vulnerabilities
9,292
Exploit Likelihood
High