CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,303 vulnerabilities with CWE-22
CVE-2008-0338
MiniWeb HTTP Server 0.8.19 - Path Traversal via Partially Encoded Dot Dot Sequences
CVE-2008-0259
minimal_gallery 0.8 - Path Traversal via thumbcat or thumb Parameter
CVE-2008-0252
CherryPy 2.x-3.0.2 - Path Traversal and Arbitrary File Manipulation via Session ID
CVE-2008-0231
Tuned Studios Classic Theme and others - Path Traversal via Page Parameter
CVE-2008-0221
Gateway Weblaunch 1.0.0.1 - Remote Code Execution via DoWebLaunch Method Path Traversal
CVE-2008-0194
WordPress < 2.0.3 - Path Traversal and Arbitrary File Read/Delete via Backup Parameter
CVE-2008-0196
WordPress < 2.0.11 - Path Traversal and Arbitrary File Write via Page and Import Parameters
CVE-2008-0184
Sys-Hotel on Line System - Path Traversal via Encoded File Parameter
CVE-2008-0156
million_dollar_script 2.0.14 - Path Traversal via Encoded Slash in Link Parameter
CVE-2008-0158
Shop-Script 2.0 - Path Traversal via aux_page Parameter
CVE-2008-0140
Uebimiau Webmail 2.7.10 and 2.7.2 - Authenticated Path Traversal via Selected Theme Parameter
CVE-2008-0094
Modxcms - Path Traversal
CVE-2008-0091
agency4net WEBFTP 1 - Path Traversal and Arbitrary File Read/Delete via download2.php file Parameter
CVE-2007-6736
pyftpdlib < 0.2.0 - Authenticated Path Traversal via LIST STOR or RETR Command
CVE-2007-6672
Mortbay Jetty <6.1.7 - Info Disclosure
CVE-2007-6648
SanyBee Gallery <0.1.2 - Path Traversal
CVE-2007-6651
bitweaver - Path Traversal via wiki/edit.php suck_url Parameter
CVE-2007-6653
Mihalism Multi Host <2.0.7 - Path Traversal
CVE-2007-6662
CuteNews 2.6 - Path Traversal via File Parameter
CVE-2007-6620
Joovili 2.x - Path Traversal via Picture Parameter
CVE-2007-6621
Joovili 3.0.0-3.0.6 - Path Traversal via Picture Parameter
CVE-2007-6623
ZeusCMS < 0.3 - Path Traversal via Dir Parameter
CVE-2007-6624
PNphpBB2 1.2i - Path Traversal via phpEx Parameter
CVE-2007-6612
Mongrel 1.0.4 and 1.1.x < 1.1.3 - Directory Traversal via Double-Encoded Sequences
CVE-2007-6604
XCMS <= 1.82 - Path Traversal via Admin Page s Parameter or Module pg Parameter
Details
Vulnerabilities
9,303
Exploit Likelihood
High