CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
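The weakness above is easiest to see with a vulnerable routine beside a hardened one. The block below is an added example, not code from CWE or from any of the products listed on this page; the `unsafe_read`, `safe_join` and `demo` names, the `PathTraversalError` type and the temporary directory layout are all constructed for illustration. `safe_join` does what the description asks for: it neutralizes the special elements (`../`, backslash separators, URL-encoded dots, NUL bytes, absolute paths, symlinks) by canonicalizing with `realpath` and then checking that the result is still underneath the restricted parent directory.

```python
"""Added example (not from the CWE entry): CWE-22 vulnerable vs. hardened
file access. All names and the sample files are constructed for illustration."""
import os
import tempfile
import urllib.parse


def unsafe_read(base_dir: str, user_path: str) -> bytes:
    """Vulnerable: joins untrusted input straight onto the base directory.

    os.path.join(base, "../x") walks out of base, and os.path.join(base, "/etc/passwd")
    discards base entirely (absolute path traversal), so both forms of CWE-22 apply.
    """
    with open(os.path.join(base_dir, user_path), "rb") as f:
        return f.read()


class PathTraversalError(ValueError):
    """Raised when the resolved path is not underneath the restricted directory."""


def safe_join(base_dir: str, user_path: str) -> str:
    """Return the canonical path of user_path confined to base_dir, or raise.

    Order matters: decode once (as a web server would), reject NUL bytes,
    normalise separators, refuse absolute paths, then resolve symlinks and
    '..' with realpath and check containment with commonpath. A plain
    startswith() prefix check is not enough: it would accept
    /srv/files-secret for base /srv/files.
    """
    decoded = urllib.parse.unquote(user_path)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat '..\\' like '../'
    if os.path.isabs(decoded):
        raise PathTraversalError("absolute path rejected")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, decoded))
    # realpath has followed symlinks, so a link inside base pointing outside
    # is caught here too.
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def demo() -> dict:
    """Constructed layout: <tmp>/public/index.html is servable, <tmp>/secret.txt
    is outside the restricted directory, and public/link is a symlink to it."""
    with tempfile.TemporaryDirectory() as tmp:
        public = os.path.join(tmp, "public")
        os.makedirs(public)
        with open(os.path.join(public, "index.html"), "w") as f:
            f.write("hello")
        with open(os.path.join(tmp, "secret.txt"), "w") as f:
            f.write("TOP SECRET")
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(public, "link"))

        results = {}
        # The vulnerable routine follows the traversal and leaks the secret.
        results["unsafe"] = unsafe_read(public, "../secret.txt")
        probes = [
            "index.html",          # legitimate
            "sub/../index.html",   # '..' that stays inside base
            "../secret.txt",       # classic dot-dot
            "%2e%2e/secret.txt",   # URL-encoded dot-dot
            "..\\secret.txt",      # backslash separator
            "/etc/passwd",         # absolute path traversal
            "link",                # symlink pointing outside base
        ]
        for probe in probes:
            try:
                safe_join(public, probe)
                results[probe] = "allowed"
            except PathTraversalError:
                results[probe] = "blocked"
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k!r}: {v!r}")
```

The same `safe_join` check applies to archive entry names before extraction (the ZIP, CPIO and extension-package entries in the list below are this weakness with the entry name as the external input): compute the destination with `safe_join(extract_dir, entry.name)` and refuse the entry when it raises. Note that `safe_join` decodes percent-encoding exactly once; if the input has already been decoded by the framework, drop the `unquote` call rather than decoding twice, which would turn `%252e%252e` into a traversal the server itself never saw.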
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
Page 242 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16038 | | High | 0.00 | 7.5 | 0.03 | | Jun 4, 2018 | `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run. |
| CVE-2018-11319 | | High | 0.00 | 7.5 | 0.03 | | May 20, 2018 | Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker… |
| CVE-2018-7172 | | Medium | 0.00 | 4.9 | 0.03 | | Feb 27, 2018 | In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. |
| CVE-2017-1000501 | | Critical | 0.00 | 9.8 | 0.04 | | Jan 3, 2018 | Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. |
| CVE-2015-8565 | | | 0.00 | — | 0.03 | | Dec 16, 2015 | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. |
| CVE-2015-8564 | | | 0.00 | — | 0.03 | | Dec 16, 2015 | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. |
| CVE-2015-6406 | | | 0.00 | — | 0.02 | | Dec 13, 2015 | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. |
| CVE-2015-7037 | | | 0.00 | — | 0.02 | | Dec 11, 2015 | Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. |
| CVE-2015-5322 | | | 0.00 | — | 0.03 | | Nov 25, 2015 | Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. |
| CVE-2015-8228 | | | 0.00 | — | 0.01 | | Nov 24, 2015 | Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. |
| CVE-2015-7815 | | | 0.00 | — | 0.03 | | Nov 16, 2015 | Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. |
| CVE-2015-5305 | | | 0.00 | — | 0.02 | | Nov 6, 2015 | Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. |
| CVE-2015-6500 | | | 0.00 | — | 0.03 | | Oct 26, 2015 | Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to… |
| CVE-2015-1003 | | | 0.00 | — | 0.02 | | Oct 25, 2015 | Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. |
| CVE-2015-7006 | | | 0.00 | — | 0.04 | | Oct 23, 2015 | Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. |
| CVE-2015-5662 | | | 0.00 | — | 0.03 | | Oct 18, 2015 | Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. |
| CVE-2015-7683 | | | 0.00 | — | 0.05 | | Oct 16, 2015 | Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. |
| CVE-2015-1807 | | | 0.00 | — | 0.02 | | Oct 16, 2015 | Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. |
| CVE-2015-6003 | | | 0.00 | — | 0.04 | | Oct 16, 2015 | Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. |
| CVE-2015-7372 | | | 0.00 | — | 0.03 | | Oct 14, 2015 | Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter. |