VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 46 of 275
  • CVE-2022-31268HigMay 21, 2022
    risk 0.50cvss 7.5epss 0.10

    A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

  • CVE-2022-1119HigApr 19, 2022
    risk 0.50cvss 7.5epss 0.20

    The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be…

  • CVE-2021-44138HigApr 4, 2022
    risk 0.50cvss 7.5epss 0.14

    There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.

  • CVE-2022-24730HigMar 23, 2022
    risk 0.50cvss 7.7epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with…

  • CVE-2021-32674HigJun 8, 2021
    risk 0.50cvss 8.8epss 0.02

    Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available…

  • CVE-2019-0225HigMar 28, 2019
    risk 0.50cvss 7.5epss 0.10

    A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

  • CVE-2018-1649HigOct 5, 2018
    risk 0.50cvss 7.7epss 0.03

    IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.

  • CVE-2018-15138HigAug 15, 2018
    risk 0.50cvss 7.5epss 0.13

    Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.

  • CVE-2017-2595HigJul 27, 2018
    risk 0.50cvss 7.7epss 0.03

    It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

  • CVE-2018-12909HigJun 27, 2018
    risk 0.50cvss 7.5epss 0.19

    Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible…

  • CVE-2018-6914HigApr 3, 2018
    risk 0.50cvss 7.5epss 0.11

    Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the…

  • CVE-2018-7467HigFeb 27, 2018
    risk 0.50cvss 7.5epss 0.11

    AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.

  • CVE-2017-15363HigOct 15, 2017
    risk 0.50cvss 7.5epss 0.14

    Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

  • CVE-2017-12263HigOct 5, 2017
    risk 0.50cvss 7.5epss 0.11

    A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied…

  • CVE-2017-14719HigSep 23, 2017
    risk 0.50cvss 7.5epss 0.13

    Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

  • CVE-2016-10367HigMay 3, 2017
    risk 0.50cvss 7.5epss 0.16

    In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a…

  • CVE-2016-5312MedApr 14, 2017
    risk 0.50cvss 6.5epss 0.54

    Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.

  • CVE-2016-8207HigJan 14, 2017
    risk 0.50cvss 7.5epss 0.15

    A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.

  • CVE-2016-8206HigJan 14, 2017
    risk 0.50cvss 7.5epss 0.15

    A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.

  • CVE-2016-6321HigDec 9, 2016
    risk 0.50cvss 7.5epss 0.15

    Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka…