CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,303 vulnerabilities with CWE-22
CVE-2007-3846
Subversion < 1.4.5 - Authenticated Path Traversal via Dot Dot Backslash Sequence
CVE-2007-4559
CRITICAL
Python < 3.6.16 - Path Traversal via Tarfile Extract Functions
CVSS 9.8
CVE-2007-4545
Unreal Commander <0.92 - Path Traversal
CVE-2007-4457
Dalai Forum 1.1 - Path Traversal via Chemin Parameter
CVE-2007-4271
IBM DB2 Universal Database < 8.0 and < 9.1 - Path Traversal via Environment Variable
CVE-2007-4420
EDraw Office Viewer Component 5.1 - Path Traversal
CVE-2007-4058
EMC VMware 6.0.0 - Remote Code Execution via vielib.dll StartProcess Path Traversal
CVE-2007-4062
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
CVE-2007-4031
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
CVE-2007-4008
Entertainment Media Sharing CMS - Path Traversal
CVE-2007-3967
HIGH
dirlist_php < 0.1.1 - Path Traversal via Folder Parameter
CVSS 7.5
CVE-2007-3936
a-shop < 0.70 - Path Traversal and Arbitrary File Deletion via filebrowser.asp delfiles Parameter
CVE-2007-2836
Hiki 0.8.0-0.8.6 - Unauthenticated Path Traversal and Arbitrary File Deletion via Session ID
CVE-2007-3504
JDK and JRE < 1.5.0 - Path Traversal via PersistenceService
CVE-2007-3487
HP Photo Digital Imaging ActiveX Control - Arbitrary File Write via saveXMLAsFile Method
CVE-2007-3072
Firefox < 2.0.0.4 - Path Traversal via resource:// URI
CVE-2007-1860
Apache Tomcat JK Web Server Connector < 1.2.23 - Path Traversal via Double-Encoded URL Prefix
CVE-2007-1773
aBitWhizzy - Directory Traversal via d Parameter
CVE-2007-0450
Apache HTTP Server and Tomcat 5.0.0-5.5.21 - Directory Traversal via Proxy Module URL Path
CVE-2007-1138
Cromosoft Simple Plantilla PHP - Path Traversal and Arbitrary File Read via nfolder Parameter
CVE-2007-1140
barekoncept pheap - Path Traversal via edit.php filename Parameter
CVE-2007-1143
J-Web Pics Navigator 1.0 - Path Traversal
CVE-2007-1144
J-Web Pics Navigator 2.0 - Path Traversal
CVE-2007-1149
LoveCMS 1.4 - Path Traversal via Step or Load Parameter
CVE-2007-1152
Pyrophobia 2.1.3.1 - Path Traversal
Details
Vulnerabilities
9,303
Exploit Likelihood
High