VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 110 of 275
  • CVE-2018-1000175MedMay 8, 2018
    risk 0.42cvss 6.5epss 0.03

    A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

  • CVE-2017-1723MedApr 26, 2018
    risk 0.42cvss 6.5epss 0.03

    IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

  • CVE-2018-10176MedApr 20, 2018
    risk 0.42cvss 6.5epss 0.02

    Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.

  • CVE-2017-14384MedMar 16, 2018
    risk 0.42cvss 6.5epss 0.02

    In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in…

  • CVE-2018-7654MedMar 4, 2018
    risk 0.42cvss 6.5epss 0.02

    On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.

  • CVE-2017-15712MedFeb 19, 2018
    risk 0.42cvss 6.5epss 0.03

    Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie…

  • CVE-2017-12560MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.03

    A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

  • CVE-2017-12559MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.03

    A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.

  • CVE-2015-4461MedFeb 5, 2018
    risk 0.42cvss 6.5epss 0.01

    Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.

  • CVE-2017-18037MedFeb 2, 2018
    risk 0.42cvss 6.5epss 0.01

    The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0…

  • CVE-2017-1279MedJan 26, 2018
    risk 0.42cvss 6.5epss 0.02

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.

  • CVE-2018-6022MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.01

    Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.

  • CVE-2017-16605MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2017-16604MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2017-16601MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2017-16600MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2017-16599MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.03

    This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2017-16593MedJan 23, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2018-5310MedJan 9, 2018
    risk 0.42cvss 6.5epss 0.02

    In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.

  • CVE-2017-1000472MedJan 3, 2018
    risk 0.42cvss 6.5epss 0.02

    The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or…