VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 261 of 275
  • CVE-2011-0698Feb 14, 2011
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

  • CVE-2010-3718Feb 10, 2011
    risk 0.00cvss epss 0.01

    Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a…

  • CVE-2011-0537Feb 4, 2011
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP…

  • CVE-2010-3930Feb 2, 2011
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.

  • CVE-2010-3689Jan 28, 2011
    risk 0.00cvss epss 0.01

    soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

  • CVE-2011-0497Jan 20, 2011
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request.

  • CVE-2011-0494Jan 19, 2011
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. …

  • CVE-2010-1679Jan 11, 2011
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.

  • CVE-2010-4350Jan 3, 2011
    risk 0.00cvss epss 0.08

    Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library…

  • CVE-2010-4634Dec 30, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party

  • CVE-2010-4622Dec 30, 2010
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

  • CVE-2010-4369Dec 2, 2010
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

  • CVE-2010-4270Nov 17, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1)…

  • CVE-2010-1829Nov 15, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.

  • CVE-2010-4154Nov 3, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

  • CVE-2010-4153Nov 3, 2010
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

  • CVE-2010-4149Nov 2, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.

  • CVE-2010-4148Nov 2, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

  • CVE-2010-3842Oct 28, 2010
    risk 0.00cvss epss 0.02

    Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP…

  • CVE-2010-4095Oct 26, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response.