Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) “..%5c” (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
CWE-22
CVE-2008-1042
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.
CVE-2008-0981
Open redirect vulnerability in spyce/examples/redirect.spy in Spyce – Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2008-1000
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via “..” sequences in file attachments.
CVE-2008-0946
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
CVE-2008-0905
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.