CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,303 vulnerabilities with CWE-22
CVE-2007-5465
doop_cms < 1.3.7 - Path Traversal via Page Parameter
CVE-2007-5463
ViArt Shop < 3.3_beta - Path Traversal via iDEAL Payment Module
CVE-2007-5461
Apache Tomcat 4.0.0-4.0.6, 4.1.0, 5.0.0, 5.5.0-5.5.25, 6.0.0-6.0.14 Path Traversal via WebDAV
CVE-2007-5446
PBEmail 7 ActiveX Edition - Unauthenticated Arbitrary File Write via SaveSenderToXml XmlFilePath Argument
CVE-2007-5454
PHP File Sharing System 1.5.1 - Path Traversal via Cam Parameter
CVE-2007-5417
boastMachine 2.8 - Path Traversal via id Parameter
CVE-2007-5366
Fujitsu Interstage Application Server 7.0-9.0.0 - Information Disclosure via Tomcat Servlet Service
CVE-2007-5364
ViArt Shopping Cart - Path Traversal via iDEAL Transaction Handler Filename Parameter
CVE-2007-5320
Pegasus Imaging ImagXpress 8.0 - Path Traversal via CacheFile and CompactFile Attributes
CVE-2007-5321
Verlihub Control Panel <= 1.7 - Path Traversal via Page Parameter
CVE-2007-5311
TorrentTrader Classic Edition 1.07 - Remote File Inclusion via ss_uri Parameter
CVE-2007-5299
SkaDate 5.0-6.0 - Path Traversal via View Mode Parameter
CVE-2007-5306
ELSEIF CMS Beta 0.6 - Path Traversal
CVE-2007-5219
CyberLink PowerDVD 7.0 - Path Traversal and Arbitrary File Write via CLAVSetting ActiveX CreateNewFile Method
CVE-2007-5174
actSite 1.56 - Path Traversal via News.php Do Parameter
CVE-2007-5005
CA BrightStor ARCserve Backup r11.0-r11.5 - Unauthenticated Path Traversal & Arbitrary File Write
CVE-2007-5110
EB Design ebCrypt <= 2.0.0.2087 - Arbitrary File Write via SaveToFile Method
CVE-2007-5103
Wordsmith 1.0 RC1 - Path Traversal via _path Parameter
CVE-2007-5092
Dance Music Module for phpNuke - Path Traversal via ACCEPT_FILE Array Parameter
CVE-2007-5069
Nuke Mobile Entertainment 1 - Remote File Inclusion via module_name Parameter
CVE-2007-5055
izicontents < 1_rc6 - Remote File Inclusion via Path Traversal in admin_home or rootdp Parameter
CVE-2007-5050
Neuron News 1.0 - Path Traversal via q Parameter
CVE-2007-5017
Yahoo Messenger 8.1.0.421 - Path Traversal and Arbitrary File Write via CYFT ActiveX GetFile Method
CVE-2007-4983
JetAudio 7.0.3 Basic and 7.0.3.3016 - Path Traversal and Arbitrary File Write via DownloadFromMusicStore Method
CVE-2007-4976
Coppermine Photo Gallery - Authenticated Path Traversal via viewlog.php log Parameter
Details
Vulnerabilities
9,303
Exploit Likelihood
High