CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,303 vulnerabilities with CWE-22
CVE-2003-1430
Unreal Tournament Server - Path Traversal via unreal:// URL
CVE-2003-1465
Phorum 3.4-3.4.2 - Path Traversal via download.php
CVE-2003-1499
Bytehoard 0.7 - Path Traversal via infolder Parameter
CVE-2003-1501
Gast Arbeiter 1.3 - Unauthenticated Path Traversal and Arbitrary File Write via req_file Parameter
CVE-2003-1529
Seagull Software Systems J Walk Application Server < 3.3c4 - Path Traversal via Encoded Dot Dot
CVE-2003-1537
PostNuke < 0.723 - Path Traversal via Theme Parameter
CVE-2003-1542
phpWebFileManager < 0.4.4 - Path Traversal via fm_path Parameter
CVE-2003-1545
nukestyles viewpage - Path Traversal via File Parameter
CVE-2002-2154
Monkey HTTP Daemon 0.1.4 - Path Traversal via Dot Dot Sequences
CVE-2002-2229
WebReflex 1.53 - Path Traversal via HTTP Request
CVE-2002-2233
Enceladus Server Suite 3.9 - Path Traversal via CD Command with @ Characters
CVE-2002-2238
Kunani ODBC FTP Server 1.0.10 - Path Traversal via Dot Dot Backslash in GET Request
CVE-2002-2240
MyServer 0.11 and 0.2 - Path Traversal via HTTP GET Request
CVE-2002-2256
pwins < 0.2.5 - Path Traversal via Unicode Characters
CVE-2002-2269
Webster HTTP Server - Path Traversal via URL
CVE-2002-2292
Halycon Software iASP 1.0.9 - Path Traversal via HTTP Request to Port 9095
CVE-2002-2351
Qualcomm Eudora 5.1 - Path Traversal via Trailing Dot in Attachment Name
CVE-2002-2375
CommuniGate Pro < 4.0b4 - Path Traversal via URL
CVE-2002-2387
Hyperion FTP Server 2.8.1 - Path Traversal via LS Command
CVE-2002-2399
W3Mail 1.0.6 - Path Traversal via File Parameter
CVE-2002-2403
KeyFocus kf_web_server 1.0.8 - Path Traversal via Multiple Dot Sequences
CVE-2002-2416
Zeroo http_server 1.5 - Path Traversal via URL GET Request
CVE-2001-1586
SimpleServer:WWW <1.13 - Path Traversal
CVE-2001-1205
Last Lines 2.0 - Path Traversal via Error Log Variable
CVE-2001-1432
Cherokee Web Server - Path Traversal
Details
Vulnerabilities
9,303
Exploit Likelihood
High