CWE-22

Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.

Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to TCP port 2606.

Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.

Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.

Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.