CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,719)
page 168 of 186| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-0987 | 0.00 | — | 0.03 | Oct 6, 2012 | Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. | ||
| CVE-2012-5051 | 0.00 | — | 0.00 | Oct 5, 2012 | Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2012-1471 | 0.00 | — | 0.00 | Oct 1, 2012 | Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||
| CVE-2012-1617 | 0.00 | — | 0.09 | Sep 26, 2012 | Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files. | ||
| CVE-2012-3324 | 0.00 | — | 0.01 | Sep 25, 2012 | Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field. | ||
| CVE-2012-3305 | 0.00 | — | 0.00 | Sep 25, 2012 | Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file. | ||
| CVE-2012-3011 | 0.00 | — | 0.00 | Sep 25, 2012 | Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request. | ||
| CVE-2011-4948 | 0.00 | — | 0.01 | Aug 31, 2012 | Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter. | ||
| CVE-2011-5141 | 0.00 | — | 0.00 | Aug 31, 2012 | Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action. | ||
| CVE-2012-3380 | 0.00 | — | 0.00 | Aug 31, 2012 | Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. | ||
| CVE-2012-4596 | 0.00 | — | 0.00 | Aug 22, 2012 | Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. | ||
| CVE-2012-2968 | 0.00 | — | 0.00 | Aug 12, 2012 | Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request. | ||
| CVE-2012-3865 | 0.00 | — | 0.01 | Aug 6, 2012 | Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. | ||
| CVE-2012-2194 | 0.00 | — | 0.00 | Jul 25, 2012 | Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. | ||
| CVE-2012-3360 | 0.00 | — | 0.01 | Jul 22, 2012 | Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. | ||
| CVE-2012-2139 | 0.00 | — | 0.04 | Jul 18, 2012 | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. | ||
| CVE-2012-4027 | 0.00 | — | 0.00 | Jul 16, 2012 | Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file. | ||
| CVE-2012-0410 | 0.00 | — | 0.03 | Jul 5, 2012 | Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | ||
| CVE-2012-2560 | 0.00 | — | 0.00 | Jul 5, 2012 | Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. | ||
| CVE-2012-2181 | 0.00 | — | 0.00 | Jul 3, 2012 | Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. |
- CVE-2012-0987Oct 6, 2012risk 0.00cvss —epss 0.03
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
- CVE-2012-5051Oct 5, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2012-1471Oct 1, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2012-1617Sep 26, 2012risk 0.00cvss —epss 0.09
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.
- CVE-2012-3324Sep 25, 2012risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
- CVE-2012-3305Sep 25, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
- CVE-2012-3011Sep 25, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request.
- CVE-2011-4948Aug 31, 2012risk 0.00cvss —epss 0.01
Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter.
- CVE-2011-5141Aug 31, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action.
- CVE-2012-3380Aug 31, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
- CVE-2012-4596Aug 22, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL.
- CVE-2012-2968Aug 12, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.
- CVE-2012-3865Aug 6, 2012risk 0.00cvss —epss 0.01
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
- CVE-2012-2194Jul 25, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
- CVE-2012-3360Jul 22, 2012risk 0.00cvss —epss 0.01
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
- CVE-2012-2139Jul 18, 2012risk 0.00cvss —epss 0.04
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
- CVE-2012-4027Jul 16, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
- CVE-2012-0410Jul 5, 2012risk 0.00cvss —epss 0.03
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter.
- CVE-2012-2560Jul 5, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001.
- CVE-2012-2181Jul 3, 2012risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.