VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of Exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 253 of 275
  • CVE-2013-6397 · Dec 7, 2013
    risk 0.00 · cvss · epss 0.56

    Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be…

  • CVE-2013-3921 · Dec 5, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI.

  • CVE-2013-6000 · Dec 5, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request.

  • CVE-2013-3923 · Nov 26, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.

  • CVE-2013-4524 · Nov 26, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

  • CVE-2013-3922 · Nov 25, 2013
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.

  • CVE-2013-6864 · Nov 23, 2013
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via…

  • CVE-2012-6607 · Nov 23, 2013
    risk 0.00 · cvss · epss 0.00

    The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.

  • CVE-2013-6177 · Nov 21, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users…

  • CVE-2013-6827 · Nov 20, 2013
    risk 0.00 · cvss · epss 0.01

    Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.

  • CVE-2013-6821 · Nov 20, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-6688 · Nov 18, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

  • CVE-2013-4510 · Nov 18, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.

  • CVE-2013-6226 · Nov 14, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors.

  • CVE-2013-5554 · Nov 8, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.

  • CVE-2013-3626 · Nov 6, 2013
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message.

  • CVE-2013-1084 · Nov 2, 2013
    risk 0.00 · cvss · epss 0.06

    Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.

  • CVE-2013-5534 · Oct 19, 2013
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for…

  • CVE-2013-4173 · Oct 11, 2013
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.

  • CVE-2012-4104 · Oct 2, 2013
    risk 0.00 · cvss · epss 0.00

    Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.