CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,293 vulnerabilities with CWE-22
CVE-2008-6410
ol'bookmarks < 0.7.5 - Path Traversal via show Parameter
CVE-2008-6407
ol'bookmarks manager 0.7.5 - Path Traversal via frame.php framefile Parameter
CVE-2008-6361
InSun Feed CMS 1.7.3 19Beta - Path Traversal via Lang Parameter
CVE-2008-6336
Text Lines Rearrange Script 1.0 - Path Traversal via Filename Parameter
CVE-2008-6335
eMetrix Online Keyword Research Tool - Path Traversal via Download Filename Parameter
CVE-2008-6334
emetrix Extract Website - Path Traversal via Download Filename Parameter
CVE-2008-6317
PHPmyGallery 1.5 beta - Remote File Inclusion via conf[lang] Parameter
CVE-2008-6316
phpmygallery 1.0 beta2 - Remote File Inclusion via Lang Parameter Path Traversal
CVE-2008-6313
phpAddEdit 1.3 - Path Traversal and Remote File Inclusion via editform Parameter
CVE-2008-6308
Private Messaging System for PunBB < 1.2.3 - Remote File Inclusion via pun_user[language] Parameter
CVE-2008-6290
nicLOR Sito - Path Traversal via Page File Parameter
CVE-2008-6288
Interface Medien ibase < 2.03 - Path Traversal via Download Filename Parameter
CVE-2008-6273
MyKtools 3.0 - Authenticated Path Traversal via Language Parameter
CVE-2008-6271
tbmnetcms 1.0 - Path Traversal via Index.php Content Parameter
CVE-2008-6265
cyberfolio <= 7.12.2 - Path Traversal via Theme Parameter
CVE-2008-6253
Pluck 4.5.3 - Remote Code Execution via g_pcltar_lib_dir Parameter
CVE-2008-6224
Way Of The Warrior < 5.0 - Path Traversal via plancia Parameter
CVE-2008-6222
Pro Desk Support Center 1.0 and 1.2 - Path Traversal via Include File Parameter
CVE-2008-6201
KwsPHP 1.3.456 - Path Traversal via Help.php Action Parameter
CVE-2008-6195
LANDesk Management Suite < 8.80.1.1 - Unauthenticated Path Traversal via PXE TFTP Service
CVE-2008-6183
My PHP Indexer 1.0 - Path Traversal via d and f Parameters
CVE-2008-6177
LightBlog 9.8 - Path Traversal and Arbitrary File Execution via Username Parameter
CVE-2008-6172
RWCards 3.0.11 - Path Traversal and Arbitrary Local File Inclusion via Captcha Image Parameter
CVE-2008-6167
miniPortail 2.2 - Path Traversal via lng Parameter
CVE-2008-6139
WebBiscuits Modules Controller 1.1 - Path Traversal
Details
Vulnerabilities
9,293
Exploit Likelihood
High