VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 254 of 275
  • CVE-2013-5751Sep 16, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-4315Sep 16, 2013
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.

  • CVE-2013-5216Sep 12, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-3658Sep 10, 2013
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.

  • CVE-2013-4702Aug 30, 2013
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4)…

  • CVE-2013-5648Aug 29, 2013
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \…

  • CVE-2013-3598Aug 28, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.

  • CVE-2013-2988Aug 27, 2013
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978.

  • CVE-2013-2978Aug 27, 2013
    risk 0.00cvss epss 0.01

    Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.

  • CVE-2013-2979Aug 22, 2013
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2013-2900Aug 21, 2013
    risk 0.00cvss epss 0.02

    The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks…

  • CVE-2013-5301Aug 16, 2013
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter.

  • CVE-2013-3457Aug 12, 2013
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.

  • CVE-2013-2117Aug 9, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.

  • CVE-2013-5022Aug 6, 2013
    risk 0.00cvss epss 0.03

    Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname…

  • CVE-2013-5021Aug 6, 2013
    risk 0.00cvss epss 0.02

    Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other…

  • CVE-2013-4668Jul 18, 2013
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action,…

  • CVE-2013-2984Jul 3, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors.

  • CVE-2013-3654Jun 30, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.

  • CVE-2013-3650Jun 30, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different…