VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (3,730)

page 155 of 187
  • CVE-2015-5662Oct 18, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.

  • CVE-2015-7683Oct 16, 2015
    risk 0.00cvss epss 0.00

    Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.

  • CVE-2015-1807Oct 16, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.

  • CVE-2015-6003Oct 16, 2015
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

  • CVE-2015-7372Oct 14, 2015
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.

  • CVE-2015-5650Oct 6, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-4546Oct 2, 2015
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.

  • CVE-2015-5638Sep 20, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.

  • CVE-2015-6459Sep 18, 2015
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.

  • CVE-2015-7237Sep 18, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-5472Sep 15, 2015
    risk 0.00cvss epss 0.01

    Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.

  • CVE-2015-6914Sep 11, 2015
    risk 0.00cvss epss 0.00

    Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.

  • CVE-2015-5199Sep 8, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

  • CVE-2015-2990Sep 5, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.

  • CVE-2015-5688Sep 4, 2015
    risk 0.00cvss epss 0.81

    Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

  • CVE-2015-5482Aug 18, 2015
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.

  • CVE-2015-4670Aug 18, 2015
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.

  • CVE-2015-5766Aug 17, 2015
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.

  • CVE-2015-3940Aug 4, 2015
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2015-4289Aug 1, 2015
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.