CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,299 vulnerabilities with CWE-22
CVE-2008-2635
BitKinex 2.9.3 - Path Traversal and Arbitrary File Write via FTP LIST and WebDAV PROPFIND Responses
CVE-2008-2403
Sun Java ASP Server < 4.0.3 - Path Traversal via MapPath Method
CVE-2008-2534
Phoenix View CMS Pre Alpha2 and earlier - Path Traversal via ltarget Parameter
CVE-2008-2519
Core FTP 2.1 Build 1565 - Path Traversal via LIST Command Response
CVE-2008-1571
Apple Mac OS X <10.5 - Path Traversal
CVE-2008-2511
CA Internet Security Suite Plus 2008 - Arbitrary File Write via UmxEventCli ActiveX SaveToFile Method
CVE-2008-2512
Symantec Backup Exec System Recovery Manager 7.x-8.x - Path Traversal
CVE-2008-2482
insanevisions OneCMS 2.5 - Path Traversal via install_mod.php load Parameter
CVE-2008-2483
Xomol CMS 1.20071213 - Path Traversal via 'op' Parameter
CVE-2008-2495
Zina 1.0 RC3 - Path Traversal via p Parameter
CVE-2008-2459
EntertainmentScript 1.4.0 - Path Traversal via Page Parameter
CVE-2008-2399
FireFTP < 0.98 - Path Traversal and Arbitrary File Write via MLSD/LIST Command Response
CVE-2008-2415
DigitalHive 2.0 RC2 - Path Traversal via Page Parameter
CVE-2008-2241
CA BrightStor ARCServe Backup 11.0-11.5 - Path Traversal and Arbitrary File Write via Log Message Input
CVE-2008-2350
bcoos 1.0.9-1.0.13 - Path Traversal via File Parameter
CVE-2008-2352
Smeego 1.0 - Remote File Inclusion via Lang Cookie
CVE-2008-2353
gnugallery < 1.1.1.0 - Path Traversal via show Parameter
CVE-2008-2355
WR-Meeting 1.0 - Path Traversal via msnum Parameter
CVE-2008-2342
News Manager 2.0 - Path Traversal via Attachments.php ID Parameter
CVE-2008-2215
Project-Based Calendaring System 0.7.1-1 - Path Traversal via Filename Parameter
CVE-2008-2217
Content Management System 0.6.1 - Path Traversal via cm_imgpath Parameter
CVE-2008-2227
PHP-Fusion Forum Rank System 6 - Path Traversal via settings[locale] Parameter
CVE-2008-2185
SMartBlog 1.3 - Path Traversal via Page Parameter
CVE-2008-2116
ScriptsEZ.net Power Editor 2.0 - Path Traversal via te and dir Parameters
CVE-2008-2091
KubeLabs Kubelance 1.6.4 - Path Traversal via IPN i Parameter
Details
Vulnerabilities 9,299
Exploit Likelihood High