CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,292 vulnerabilities with CWE-22
CVE-2009-0596
phpSkelSite 1.4 - Remote File Inclusion via TplSuffix Parameter
CVE-2009-0592
PNphpBB2 <= 1.2i - Remote File Inclusion via ModName Parameter
CVE-2009-0570
Ninja Designs Mailist 3.0 - Path Traversal
CVE-2009-0535
Thyme 1.3 - Path Traversal via Export Parameter
CVE-2009-0515
yanocc < 0.1.0 - Remote File Inclusion via Lang Parameter Path Traversal
CVE-2009-0514
WebFrame 0.76 - Path Traversal and Arbitrary File Execution via currentmod and LANG Parameters
CVE-2009-0457
AJA Portal 1.2 - Path Traversal via currentlang or module_name Parameter
CVE-2009-0448
Syntax Desktop 2.7 - Path Traversal
CVE-2009-0442
PHPbbBook <1.3-1.3h - Path Traversal
CVE-2009-0497
Ignite Realtime Openfire 3.6.2 - Path Traversal
CVE-2009-0423
Php Photo Album (PHPPA) 0.8 BETA - Path Traversal
CVE-2009-0392
Motorola Wimax modem CPEi300 - Path Traversal
CVE-2009-0371
SiteXS CMS <= 0.1.1 - Path Traversal via Type Parameter
CVE-2009-0340
Simple PHP Newsletter <1.5 - Path Traversal
CVE-2009-0331
Enhanced Simple PHP Gallery <1.72 - Path Traversal
CVE-2009-0330
SCMS 1 - Path Traversal via Index.php P Parameter
CVE-2009-0325
Ninja Blog 4.8 - Path Traversal via Cat Parameter
CVE-2009-0291
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
CVE-2009-0290
SIR GNUBoard 4.31.03 - Path Traversal
CVE-2009-0288
k23productions TFTPUtil GUI <1.3.0 - Path Traversal
CVE-2009-0286
OpenGoo 1.1 - Path Traversal via form_data[script_class] Parameter
CVE-2009-0271
Fujitsu SystemcastWizard Lite <2.0 - Path Traversal
CVE-2009-0244
HIGH
Microsoft Bluetooth stack - Path Traversal
CVSS 8.8
CVE-2009-0113
Joomla XStandard - Directory Traversal via X_CMS_LIBRARY_PATH HTTP Header
CVE-2008-3277
ibmssh <1.5.7-2 - Privilege Escalation
Details
Vulnerabilities
9,292
Exploit Likelihood
High