CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,719)
page 175 of 186

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-1391 | | 0.00 | — | 0.00 | | Jun 11, 2010 | Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL. |
| CVE-2010-1571 | | 0.00 | — | 0.00 | | Jun 10, 2010 | Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295. |
| CVE-2010-1848 | | 0.00 | — | 0.00 | | Jun 8, 2010 | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. |
| CVE-2010-2136 | | 0.00 | — | 0.00 | | Jun 2, 2010 | Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2010-2112 | | 0.00 | — | 0.00 | | May 28, 2010 | Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-2104 | | 0.00 | — | 0.00 | | May 27, 2010 | Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element. |
| CVE-2010-2096 | | 0.00 | — | 0.00 | | May 27, 2010 | Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. |
| CVE-2010-0403 | | 0.00 | — | 0.01 | | May 19, 2010 | Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. |
| CVE-2010-1512 | | 0.00 | — | 0.01 | | May 17, 2010 | Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| CVE-2010-1000 | | 0.00 | — | 0.02 | | May 17, 2010 | Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| CVE-2010-0999 | | 0.00 | — | 0.00 | | May 17, 2010 | Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| CVE-2010-1589 | | 0.00 | — | 0.00 | | Apr 28, 2010 | Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions. |
| CVE-2009-4815 | | 0.00 | — | 0.00 | | Apr 27, 2010 | Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2010-1492 | | 0.00 | — | 0.00 | | Apr 23, 2010 | Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id_nodo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-1462 | | 0.00 | — | 0.00 | | Apr 16, 2010 | Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter. |
| CVE-2010-1298 | | 0.00 | — | 0.00 | | Apr 6, 2010 | Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-0501 | | 0.00 | — | 0.00 | | Mar 30, 2010 | Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. |
| CVE-2010-0533 | | 0.00 | — | 0.00 | | Mar 30, 2010 | Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. |
| CVE-2009-4740 | | 0.00 | — | 0.00 | | Mar 26, 2010 | Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. |
| CVE-2010-0989 | | 0.00 | — | 0.00 | | Mar 26, 2010 | Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter. |