CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 273 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3360 | 0.00 | — | 0.05 | Jul 6, 2006 | Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file… | |||
| CVE-2006-2337 | 0.00 | — | 0.02 | May 12, 2006 | Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | |||
| CVE-2006-1746 | 0.00 | — | 0.02 | Apr 12, 2006 | Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | |||
| CVE-2006-0950 | 0.00 | — | 0.02 | Mar 13, 2006 | unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | |||
| CVE-2006-1095 | 0.00 | — | 0.01 | Mar 9, 2006 | Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | |||
| CVE-2006-0931 | 0.00 | — | 0.02 | Feb 28, 2006 | Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | |||
| CVE-2006-0847 | 0.00 | — | 0.02 | Feb 22, 2006 | Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. | |||
| CVE-2006-0795 | 0.00 | — | 0.03 | Feb 19, 2006 | Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | |||
| CVE-2006-0434 | 0.00 | — | 0.02 | Jan 26, 2006 | Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports… | |||
| CVE-2006-0223 | 0.00 | — | 0.02 | Jan 16, 2006 | Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | |||
| CVE-2005-1918 | 0.00 | — | 0.03 | Dec 31, 2005 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences… | |||
| CVE-2005-2619 | 0.00 | — | 0.03 | Dec 31, 2005 | Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the… | |||
| CVE-2005-3355 | 0.00 | — | 0.02 | Nov 18, 2005 | Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | |||
| CVE-2005-1925 | 0.00 | — | 0.03 | Nov 18, 2005 | Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | |||
| CVE-2005-3347 | 0.00 | — | 0.04 | Nov 18, 2005 | Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter… | |||
| CVE-2005-3548 | 0.00 | — | 0.01 | Nov 16, 2005 | Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. | |||
| CVE-2005-1813 | 0.00 | — | 0.02 | Jun 1, 2005 | Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences. | |||
| CVE-2005-0372 | 0.00 | — | 0.04 | May 2, 2005 | Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | |||
| CVE-2004-2747 | 0.00 | — | 0.01 | Dec 31, 2004 | Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error… | |||
| CVE-2004-0273 | 0.00 | — | 0.04 | Nov 23, 2004 | Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. |
- CVE-2006-3360Jul 6, 2006risk 0.00cvss —epss 0.05
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file…
- CVE-2006-2337May 12, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
- CVE-2006-1746Apr 12, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.
- CVE-2006-0950Mar 13, 2006risk 0.00cvss —epss 0.02
unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
- CVE-2006-1095Mar 9, 2006risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
- CVE-2006-0931Feb 28, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
- CVE-2006-0847Feb 22, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
- CVE-2006-0795Feb 19, 2006risk 0.00cvss —epss 0.03
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.
- CVE-2006-0434Jan 26, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports…
- CVE-2006-0223Jan 16, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.
- CVE-2005-1918Dec 31, 2005risk 0.00cvss —epss 0.03
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences…
- CVE-2005-2619Dec 31, 2005risk 0.00cvss —epss 0.03
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the…
- CVE-2005-3355Nov 18, 2005risk 0.00cvss —epss 0.02
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
- CVE-2005-1925Nov 18, 2005risk 0.00cvss —epss 0.03
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
- CVE-2005-3347Nov 18, 2005risk 0.00cvss —epss 0.04
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter…
- CVE-2005-3548Nov 16, 2005risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.
- CVE-2005-1813Jun 1, 2005risk 0.00cvss —epss 0.02
Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences.
- CVE-2005-0372May 2, 2005risk 0.00cvss —epss 0.04
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
- CVE-2004-2747Dec 31, 2004risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error…
- CVE-2004-0273Nov 23, 2004risk 0.00cvss —epss 0.04
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.