CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,734)
page 106 of 187| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-4713 | 0.04 | — | 0.08 | Dec 8, 2011 | Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php. | ||
| CVE-2009-5087 | 0.04 | — | 0.08 | Sep 12, 2011 | Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request. | ||
| CVE-2011-2474 | 0.04 | — | 0.12 | Jun 9, 2011 | Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. | ||
| CVE-2011-1715 | 0.04 | — | 0.07 | Apr 18, 2011 | Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter. | ||
| CVE-2011-0751 | 0.04 | — | 0.07 | Mar 16, 2011 | Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | ||
| CVE-2011-1099 | 0.04 | — | 0.06 | Mar 9, 2011 | Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php. | ||
| CVE-2011-0405 | 0.04 | — | 0.10 | Jan 11, 2011 | Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter. | ||
| CVE-2010-4350 | 0.04 | — | 0.10 | Jan 3, 2011 | Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | ||
| CVE-2010-4330 | 0.04 | — | 0.07 | Dec 7, 2010 | Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php. | ||
| CVE-2010-4399 | 0.04 | — | 0.07 | Dec 6, 2010 | Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information. | ||
| CVE-2010-4231 | 0.04 | — | 0.11 | Nov 17, 2010 | Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||
| CVE-2010-3863 | 0.04 | — | 0.11 | Nov 5, 2010 | Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | ||
| CVE-2010-4181 | 0.04 | — | 0.08 | Nov 4, 2010 | Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences. | ||
| CVE-2010-3490 | 0.04 | — | 0.09 | Sep 28, 2010 | Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. | ||
| CVE-2010-3306 | 0.04 | — | 0.06 | Sep 24, 2010 | Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI. | ||
| CVE-2010-3486 | 0.04 | — | 0.08 | Sep 22, 2010 | Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. | ||
| CVE-2010-3460 | 0.04 | — | 0.10 | Sep 17, 2010 | Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | ||
| CVE-2010-3456 | 0.04 | — | 0.09 | Sep 17, 2010 | Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||
| CVE-2010-2850 | 0.04 | — | 0.08 | Jul 25, 2010 | Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. | ||
| CVE-2010-2266 | 0.04 | — | 0.07 | Jun 15, 2010 | nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. |
- CVE-2011-4713Dec 8, 2011risk 0.04cvss —epss 0.08
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
- CVE-2009-5087Sep 12, 2011risk 0.04cvss —epss 0.08
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
- CVE-2011-2474Jun 9, 2011risk 0.04cvss —epss 0.12
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.
- CVE-2011-1715Apr 18, 2011risk 0.04cvss —epss 0.07
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
- CVE-2011-0751Mar 16, 2011risk 0.04cvss —epss 0.07
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
- CVE-2011-1099Mar 9, 2011risk 0.04cvss —epss 0.06
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
- CVE-2011-0405Jan 11, 2011risk 0.04cvss —epss 0.10
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.
- CVE-2010-4350Jan 3, 2011risk 0.04cvss —epss 0.10
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
- CVE-2010-4330Dec 7, 2010risk 0.04cvss —epss 0.07
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
- CVE-2010-4399Dec 6, 2010risk 0.04cvss —epss 0.07
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.
- CVE-2010-4231Nov 17, 2010risk 0.04cvss —epss 0.11
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2010-3863Nov 5, 2010risk 0.04cvss —epss 0.11
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
- CVE-2010-4181Nov 4, 2010risk 0.04cvss —epss 0.08
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
- CVE-2010-3490Sep 28, 2010risk 0.04cvss —epss 0.09
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
- CVE-2010-3306Sep 24, 2010risk 0.04cvss —epss 0.06
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
- CVE-2010-3486Sep 22, 2010risk 0.04cvss —epss 0.08
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
- CVE-2010-3460Sep 17, 2010risk 0.04cvss —epss 0.10
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
- CVE-2010-3456Sep 17, 2010risk 0.04cvss —epss 0.09
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2010-2850Jul 25, 2010risk 0.04cvss —epss 0.08
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
- CVE-2010-2266Jun 15, 2010risk 0.04cvss —epss 0.07
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.