CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,302 vulnerabilities with CWE-22
CVE-2008-1415
Multiple Time Sheets <5.0 - Path Traversal
CVE-2008-1000
Apple Mac OS X 10.5.2 - Authenticated Path Traversal and Arbitrary File Write via Wiki Server File Attachments
CVE-2008-1371
Drake CMS <0.4.11 RC8 - Path Traversal
CVE-2008-1343
SCO UnixWare 7.1.4 - Path Traversal
CVE-2008-1352
EdiorCMS 3.0 - Path Traversal via _SearchTemplate Parameter
CVE-2008-1117
Timbuktu Pro 8.6.5 - Path Traversal and Arbitrary File Write via Notes Feature
CVE-2008-1324
Travelsized CMS 0.4.1 - Path Traversal
CVE-2008-1325
Uberghey CMS 0.3.1 - Path Traversal
CVE-2008-1301
Alkacon OpenCms <7.0.4 - Path Traversal
CVE-2008-1310
PacketTrap Networks pt360 Tool Suite <2.0.3900.0 - Path Traversal
CVE-2008-1284
Horde Groupware < 1.0.4 and Groupware Webmail Edition < 1.0.5 - Authenticated Path Traversal via Theme Name
CVE-2008-1281
Argon Technology CMS <1.31 - Path Traversal
CVE-2008-1221
MicroWorld eScan <9.0.742.98-9.0.742.1 - Path Traversal
CVE-2008-1231
JSPWiki 2.4.104 and 2.5.139 - Path Traversal via Edit.jsp Editor Parameter
CVE-2008-1178
Centreon < 1.4.2.3 - Path Traversal via Page Parameter
CVE-2008-1169
SCI Photo Chat Server <3.4.9 - Path Traversal
CVE-2008-1145
WEBrick <1.8.5-p115, 1.8.6-p114, 1.9-1.9.0-1 - Path Traversal
CVE-2008-1119
Centreon < 1.4.2.3 - Path Traversal via get_image.php img Parameter
CVE-2008-1125
Podcast Generator <1.0 BETA 2 - Path Traversal
CVE-2008-1042
Linux Web Shop php Download Manager < 1.1 - Path Traversal via Content Parameter
CVE-2008-0923
VMware ACE, Player, and Workstation - Path Traversal via Multibyte String Bypass
CVE-2008-0981
Spyce 2.1.3 - Open Redirect via URL Parameter
CVE-2008-0946
Ipswitch IM Server < 2.0.8.1 - Authenticated Path Traversal via Recipient Field
CVE-2008-0905
Globsy 1.0 - Path Traversal via File Parameter
CVE-2008-0840
Public Warehouse LightBlog 9.6 - Path Traversal via Username Parameter
Details
Vulnerabilities
9,302
Exploit Likelihood
High