VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 112 of 275
  • CVE-2016-7826MedJun 9, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.

  • CVE-2016-7825MedJun 9, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.

  • CVE-2016-7802MedJun 9, 2017
    risk 0.42cvss 6.5epss 0.03

    Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-1834MedMay 25, 2017
    risk 0.42cvss 6.5epss 0.02

    A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through…

  • CVE-2017-7433MedMay 18, 2017
    risk 0.42cvss 6.5epss 0.01

    An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed…

  • CVE-2017-2098MedApr 28, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-2090MedApr 28, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-8780MedApr 13, 2017
    risk 0.42cvss 6.4epss 0.01

    Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.

  • CVE-2016-10048HigMar 23, 2017
    risk 0.42cvss 7.5epss 0.07

    Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

  • CVE-2016-4986HigFeb 9, 2017
    risk 0.42cvss 7.5epss 0.03

    Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.

  • CVE-2016-8933MedFeb 1, 2017
    risk 0.42cvss 6.5epss 0.02

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

  • CVE-2016-8913MedFeb 1, 2017
    risk 0.42cvss 6.5epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2016-6126MedFeb 1, 2017
    risk 0.42cvss 6.5epss 0.02

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

  • CVE-2016-10173HigFeb 1, 2017
    risk 0.42cvss 7.5epss 0.05

    Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.

  • CVE-2016-10106MedJan 3, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by…

  • CVE-2016-9878HigDec 29, 2016
    risk 0.42cvss 7.5epss 0.06

    An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

  • CVE-2016-9208MedDec 14, 2016
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More…

  • CVE-2016-9199MedDec 14, 2016
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and…

  • CVE-2016-5765MedNov 29, 2016
    risk 0.42cvss 6.5epss 0.02

    Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that…

  • CVE-2016-8280MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.