CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,299 vulnerabilities with CWE-22
CVE-2008-4331
phpocs < 0.1 - Path Traversal via Act Parameter
CVE-2008-4330
LanSuite 3.3.2 - Remote File Inclusion via Design Parameter Path Traversal
CVE-2008-4243
Unreal Tournament 3 WebAdmin < 1.7 - Unauthenticated Path Traversal via ImageServer URI
CVE-2008-4068
Mozilla Firefox < 2.0.0.17 and 3.x < 3.0.2 - Directory Traversal via Resource URI
CVE-2008-4067
Firefox < 2.0.0.17 and 3.x < 3.0.2 - Directory Traversal via Resource URI
CVE-2008-4151
CYASK 3.x - Path Traversal via Neturl Parameter
CVE-2008-4187
ProActive CMS - Path Traversal via Template Parameter
CVE-2008-4181
Netenberg Fantastico De Luxe < 2.10.4 - Authenticated Path Traversal via fantasticopath Parameter
CVE-2008-4158
Zanfi CMS lite 1.2 - Path Traversal via Flag or Inc Parameter
CVE-2008-4155
EasySite 2.3 - Path Traversal via Module or Action Parameter
CVE-2008-4129
Gallery < 1.5.9 and 2.x < 2.2.6 - Authenticated Path Traversal via ZIP Archive Upload
CVE-2008-3195
TWiki < 4.2.3 - Path Traversal and Arbitrary File Execution via Image Parameter
CVE-2008-4075
D-iscussion Board 3.01 - Path Traversal via Topic Parameter
CVE-2008-4040
Kyocera FS-118MFP - Path Traversal via URI
CVE-2008-3939
HIGH
AVTECH PageR Enterprise <5.0.7 - Path Traversal
CVSS 7.5
CVE-2008-3926
CMME 1.12 - Path Traversal
CVE-2008-3851
Pluck CMS 4.5.2 - Unauthenticated Path Traversal via Blogpost, Cat, and File Parameters
CVE-2008-3776
Fujitsu Web-Based Admin View <2.1.2 - Path Traversal
CVE-2008-3770
Freeway 1.4.1.171 - Path Traversal via Language Parameter
CVE-2008-3723
PHPizabi 0.848b C1 HFP3 - Path Traversal
CVE-2008-3727
MicroWorld Technologies MailScan <5.6.a - Path Traversal
CVE-2008-3708
dotcms 1.6.0.9 - Path Traversal via ID Parameter
CVE-2008-3710
CyBoards PHP Lite <1.21 - Path Traversal
CVE-2008-3675
Gelato 0.95 - Path Traversal
CVE-2008-3677
Freeway <1.4.2.197 - Path Traversal
Details
Vulnerabilities
9,299
Exploit Likelihood
High