CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,303 vulnerabilities with CWE-22
CVE-2007-4982
MW6 QRCode ActiveX < 3.0.0.1 - Arbitrary File Write via SaveAsBMP or SaveAsWMF Method
CVE-2007-4962
WinImage 8.10 and earlier - Path Traversal and Arbitrary File Write via Filename in .IMG or .ISO File
CVE-2007-4957
Chupix CMS 0.2.3 - Path Traversal and Arbitrary File Write via Download.php Parameters
CVE-2007-4902
Ultra Crypto Component <= 2.0 - Arbitrary File Write via CryptoX.dll SaveToFile Method
CVE-2007-4908
AuraCMS <= 2.1 - Remote File Inclusion via Pilih Parameter
CVE-2007-4895
Sisfo Kampus 2006 - Path Traversal via dwoprn.php f Parameter
CVE-2007-4890
Microsoft Visual Studio 6.0 - Arbitrary File Write via VBTOVSI.DLL SaveAs Method
CVE-2007-4842
Magellan Explorer < 3.32_build2305 - Path Traversal via FTP Filename
CVE-2007-4843
X-Diesel Unreal Commander 0.92 build 565 and 573 - Path Traversal via FTP Filename
CVE-2007-4825
PHP < 5.2.3 - Path Traversal via dl Function
CVE-2007-4820
Sisfo Kampus 2006 - Path Traversal via nmf Parameter
CVE-2007-4805
fuzzylime (cms) <= 3.0 - Path Traversal via getgalldata.php p Parameter
CVE-2007-4764
Pawfaliki 0.5.1 - Path Traversal via Page Parameter
CVE-2007-4756
Total Commander < 7.01 - Path Traversal via FTP Filename
CVE-2007-4471
Intuit QuickBooks Online Edition - Path Traversal
CVE-2007-4718
Claroline < 1.8.6 - Remote File Inclusion via Language Parameter
CVE-2007-4723
Ragnarok Online Control Panel 4.3.4a - Unauthenticated Path Traversal via URI Manipulation
CVE-2007-4726
weboddity 0.09b - Path Traversal via URI
CVE-2007-4655
CGI RESCUE Shopping Basket Pro <7.51 - Path Traversal
CVE-2007-4663
PHP < 5.2.3 - Path Traversal via Glob Function
CVE-2007-4641
Pakupaku CMS < 0.4 - Remote Code Execution via Path Traversal in Page Parameter
CVE-2007-4134
Fedora - Path Traversal via Directory Symlink in TAR Archive
CVE-2007-4220
Motorola Timbuktu Pro <8.6.5 - Path Traversal
CVE-2007-4583
ACTi Network Video Recorder SP2 2.0 - Path Traversal and Arbitrary File Write via nvUtility.Utility.1 ActiveX Control
CVE-2007-4585
2532gigs 1.2.1 - Remote File Inclusion via Language Parameter Path Traversal
Details
Vulnerabilities
9,303
Exploit Likelihood
High