VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (3,734)

page 43 of 187
  • CVE-2017-10931HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.00

    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

  • CVE-2017-14514HigSep 17, 2017
    risk 0.49cvss 7.5epss 0.00

    Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.

  • CVE-2015-4085HigSep 7, 2017
    risk 0.49cvss 7.5epss 0.00

    Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.

  • CVE-2017-14120HigSep 3, 2017
    risk 0.49cvss 7.5epss 0.01

    unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

  • CVE-2017-13780HigAug 30, 2017
    risk 0.49cvss 7.5epss 0.01

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.

  • CVE-2015-1876HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in ES File Explorer 3.2.4.1.

  • CVE-2015-1386HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.01

    Directory traversal vulnerability in unshield 1.0-1.

  • CVE-2015-1199HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.01

    Directory traversal vulnerability in ppmd 10.1-5.

  • CVE-2015-1198HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.03

    Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.

  • CVE-2014-8871HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.

  • CVE-2017-12694HigAug 25, 2017
    risk 0.49cvss 7.5epss 0.05

    A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.

  • CVE-2015-4180HigAug 25, 2017
    risk 0.49cvss 7.5epss 0.01

    Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.

  • CVE-2015-1395HigAug 25, 2017
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

  • CVE-2017-9511HigAug 24, 2017
    risk 0.49cvss 7.5epss 0.01

    The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.

  • CVE-2017-12938HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.01

    UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.

  • CVE-2011-5325HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

  • CVE-2017-11723HigJul 29, 2017
    risk 0.49cvss 7.5epss 0.00

    Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.

  • CVE-2017-11658HigJul 26, 2017
    risk 0.49cvss 7.5epss 0.03

    In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.

  • CVE-2017-11630HigJul 26, 2017
    risk 0.49cvss 7.5epss 0.01

    dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.

  • CVE-2015-1847HigJul 25, 2017
    risk 0.49cvss 7.5epss 0.00

    Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.