VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 217 of 275
  • CVE-2007-0205Jan 11, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by…

  • CVE-2006-6242Dec 3, 2006
    risk 0.03cvss epss 0.05

    Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2)…

  • CVE-2006-2758Jun 2, 2006
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

  • CVE-2006-0976Mar 3, 2006
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.

  • CVE-2006-0871Feb 24, 2006
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection…

  • CVE-2005-4600Dec 31, 2005
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

  • CVE-2005-0253May 2, 2005
    risk 0.03cvss epss 0.05

    Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.

  • CVE-2004-2717Dec 31, 2004
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.

  • CVE-2004-2745Dec 31, 2004
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2004-2749Dec 31, 2004
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be…

  • CVE-2004-2750Dec 31, 2004
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2004-2686Dec 31, 2004
    risk 0.03cvss epss 0.01

    Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient…

  • CVE-2004-1927Apr 11, 2004
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.

  • CVE-2003-1427Dec 31, 2003
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.

  • CVE-2003-1545Dec 31, 2003
    risk 0.03cvss epss 0.04

    Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.

  • CVE-2003-1499Dec 31, 2003
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter.

  • CVE-2003-1430Dec 31, 2003
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.

  • CVE-2003-1414Dec 31, 2003
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.

  • CVE-2002-2416Dec 31, 2002
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.

  • CVE-2002-2351Dec 31, 2002
    risk 0.03cvss epss 0.03

    Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).