CWE-22

Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter.

Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via “..” (dot dot backslash) sequences in a filename. NOTE: the “..” are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.

Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.