CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
BaseStableLikelihood: High
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (3,719)
page 183 of 186| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-5366 | 0.00 | — | 0.00 | Oct 11, 2007 | The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | ||
| CVE-2007-5364 | 0.00 | — | 0.01 | Oct 11, 2007 | Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php | ||
| CVE-2007-5005 | 0.00 | — | 0.04 | Oct 1, 2007 | Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. | ||
| CVE-2007-5103 | 0.00 | — | 0.00 | Sep 26, 2007 | Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter. | ||
| CVE-2007-4842 | 0.00 | — | 0.01 | Sep 12, 2007 | Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||
| CVE-2007-4825 | 0.00 | — | 0.00 | Sep 12, 2007 | Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. | ||
| CVE-2007-4764 | 0.00 | — | 0.00 | Sep 8, 2007 | Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2007-4756 | 0.00 | — | 0.01 | Sep 8, 2007 | Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||
| CVE-2007-4723 | 0.00 | — | 0.00 | Sep 5, 2007 | Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. | ||
| CVE-2007-4471 | 0.00 | — | 0.02 | Sep 5, 2007 | Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||
| CVE-2007-4655 | 0.00 | — | 0.00 | Sep 4, 2007 | Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | ||
| CVE-2007-4663 | 0.00 | — | 0.02 | Sep 4, 2007 | Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | ||
| CVE-2007-4134 | 0.00 | — | 0.02 | Aug 30, 2007 | Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | ||
| CVE-2007-3846 | 0.00 | — | 0.01 | Aug 28, 2007 | Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository. | ||
| CVE-2007-4271 | 0.00 | — | 0.00 | Aug 18, 2007 | Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following. | ||
| CVE-2007-2836 | 0.00 | — | 0.01 | Jul 2, 2007 | Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | ||
| CVE-2007-3504 | 0.00 | — | 0.05 | Jun 30, 2007 | Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | ||
| CVE-2007-3072 | 0.00 | — | 0.01 | Jun 6, 2007 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. | ||
| CVE-2007-1143 | 0.00 | — | 0.00 | Mar 2, 2007 | Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||
| CVE-2007-1144 | 0.00 | — | 0.01 | Mar 2, 2007 | Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |