CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
BaseStableLikelihood: High
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,719)
page 181 of 186| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-1884 | 0.00 | — | 0.00 | Apr 18, 2008 | Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418. | ||
| CVE-2008-1653 | 0.00 | — | 0.00 | Apr 2, 2008 | Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2008-1642 | 0.00 | — | 0.00 | Apr 2, 2008 | Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2008-1652 | 0.00 | — | 0.00 | Apr 2, 2008 | Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-1643 | 0.00 | — | 0.00 | Apr 2, 2008 | Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2008-1352 | 0.00 | — | 0.00 | Mar 17, 2008 | Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the _SearchTemplate parameter during a Title search. | ||
| CVE-2008-1310 | 0.00 | — | 0.01 | Mar 12, 2008 | Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname. | ||
| CVE-2008-1301 | 0.00 | — | 0.03 | Mar 12, 2008 | Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. | ||
| CVE-2008-1284 | 0.00 | — | 0.02 | Mar 11, 2008 | Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. | ||
| CVE-2008-1281 | 0.00 | — | 0.00 | Mar 10, 2008 | Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||
| CVE-2008-0923 | 0.00 | — | 0.00 | Feb 26, 2008 | Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | ||
| CVE-2008-0981 | 0.00 | — | 0.00 | Feb 25, 2008 | Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||
| CVE-2008-0946 | 0.00 | — | 0.00 | Feb 25, 2008 | Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | ||
| CVE-2008-0797 | 0.00 | — | 0.00 | Feb 15, 2008 | Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter. | ||
| CVE-2008-0758 | 0.00 | — | 0.00 | Feb 13, 2008 | Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename. | ||
| CVE-2008-0654 | 0.00 | — | 0.00 | Feb 7, 2008 | Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php. | ||
| CVE-2008-0615 | 0.00 | — | 0.00 | Feb 6, 2008 | Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters. | ||
| CVE-2008-0405 | 0.00 | — | 0.01 | Jan 29, 2008 | Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. | ||
| CVE-2008-0252 | 0.00 | — | 0.03 | Jan 12, 2008 | Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. | ||
| CVE-2008-0196 | 0.00 | — | 0.00 | Jan 10, 2008 | Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. |