CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,302 vulnerabilities with CWE-22
CVE-2008-0513
phpcms 1.2.2 - Path Traversal via File Parameter in parser.php
CVE-2008-0521
Bubbling Library 1.32 - Path Traversal via URI Parameter
CVE-2008-0488
VB Marketing - Path Traversal via tseekdir.cgi Location Parameter
CVE-2008-0489
Clansphere 2007.4.4 - Path Traversal via Lang Parameter
CVE-2008-0501
phpMyClub 0.0.1 - Path Traversal via page_courante Parameter
CVE-2008-0478
SetCMS 3.6.5 - Path Traversal and Arbitrary File Execution via set Parameter
CVE-2008-0479
Web Wiz NewsPad 1.02 - Path Traversal via RTE_file_browser.asp Sub Parameter
CVE-2008-0480
Web Wiz Forums < 9.07 - Path Traversal via RTE_file_browser.asp or file_browser.asp Sub Parameter
CVE-2008-0481
Web Wiz Rich Text Editor 4.0 - Path Traversal via RTE_file_browser.asp sub Parameter
CVE-2008-0405
HTTP File Server < 2.2b - Path Traversal and Arbitrary File Write via Account Name
CVE-2008-0458
SLAED CMS 2.5 Lite - Remote File Inclusion via newlang Parameter
CVE-2008-0459
Liquidsilvercms - Path Traversal
CVE-2008-0464
absofort aconon Mail Enterprise SQL - Path Traversal via Template Parameter
CVE-2008-0465
Seagull 0.6.3 - Path Traversal via Files Parameter
CVE-2008-0452
Siteman 1.1.9 - Path Traversal via Cat Parameter in Articles.php
CVE-2008-0427
bloofoxCMS 0.3 - Path Traversal via File Parameter
CVE-2008-0431
idmos_cms 1.0 - Unauthenticated Path Traversal via administrator/download.php fileName Parameter
CVE-2008-0435
ozjournals 2.1.1 - Path Traversal via Print Preview ID Parameter
CVE-2008-0396
BitDefender Update Server - Unauthenticated Path Traversal via HTTP Request
CVE-2008-0393
GradMan < 0.1.3 - Path Traversal via Tabla Parameter
CVE-2008-0357
Galaxyscripts Mini File Host < 1.2.1 - Unauthenticated Path Traversal via Language Parameter
CVE-2008-0361
GradMan < 0.1.3 - Path Traversal and Arbitrary File Execution via Tabla Parameter
CVE-2008-0332
aria 0.99-6 - Path Traversal via Page Parameter
CVE-2008-0333
AfterLogic MailBee WebMail Pro 4.1 - Path Traversal via download_view_attachment.aspx temp_filename Parameter
CVE-2008-0338
MiniWeb HTTP Server 0.8.19 - Path Traversal via Partially Encoded Dot Dot Sequences
Details
Vulnerabilities
9,302
Exploit Likelihood
High