CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,303 vulnerabilities with CWE-22
CVE-2006-2337
D-Link DSL-G604T - Path Traversal via Webcm Getpage Parameter
CVE-2006-1746
phplist < 2.10.2 - Unauthenticated Path Traversal via GLOBALS Parameter Overwrite
CVE-2006-0950
unalz 0.53 - Arbitrary File Overwrite via ALZ Archive Filename Traversal
CVE-2006-1095
Apache mod_python 3.2.7 - Local Arbitrary Code Execution via FileSession Session Cookie
CVE-2006-0976
SPiD 1.3.1 - Path Traversal via scan_lang_insert.php lang Parameter
CVE-2006-0931
PEAR Archive_Tar < 1.3.2 - Path Traversal and Arbitrary File Write via Crafted TAR Archive Pathnames
CVE-2006-0871
Mambo 4.5.3, 4.5.3h - Path Traversal via mos_change_template Parameter
CVE-2006-0795
Quirex < 2.0.2 - Path Traversal and Arbitrary File Read via convert.cgi Variables
CVE-2006-0434
phpXplorer - Path Traversal via sAction Parameter
CVE-2006-0223
Shanghai TopCMM 123 Flash Chat Server Software 5.1 - Path Traversal and Arbitrary File Write via Username Field
CVE-2005-10002 MEDIUM
almosteffortless secure-files <1.1 - Path Traversal
CVSS 5.5
CVE-2005-2349 HIGH
Zoo 2.10 - Path Traversal
CVSS 7.5
CVE-2005-1918
GNU tar - Path Traversal via Crafted Tar File
CVE-2005-2619
Autonomy KeyView SDK <9.2.0 - Path Traversal
CVE-2005-4600
TinyMCE Compressor PHP <1.06 - Path Traversal
CVE-2005-3355
GNU Gnump3d - Path Traversal via CGI Parameters and Cookie Values
CVE-2005-1925
Tikiwiki < 1.9.1 - Path Traversal via suck_url or language Parameter
CVE-2005-3347
phpgroupware <= 0.9.16 - Path Traversal via sensor_program or HTTP_ACCEPT_LANGUAGE Parameter
CVE-2005-3548
Invision Power Board 2.0.1 - Path Traversal via Task PHP File To Run Field
CVE-2005-2792
phpLDAPadmin <0.9.8 - Path Traversal
CVE-2005-2371
Oracle Reports 6.0, 6i, 9i, 10g - Path Traversal via desname Parameter
CVE-2005-2378
Oracle Reports - Path Traversal via CUSTOMIZE or desformat Parameter
CVE-2005-2033
Blue-Collar Productions i-Gallery 3.3 - Path Traversal via Folder Parameter
CVE-2005-1813
FutureSoft TFTP Server Evaluation Version 1.0.0.1 - Path Traversal via TFTP GET Request
CVE-2005-0253
BibORB 1.3.2 - Path Traversal via Database Name Parameter
Details
Vulnerabilities 9,303
Exploit Likelihood High