VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 71 of 275
  • CVE-2018-8909HigMar 22, 2018
    risk 0.49cvss 7.5epss 0.02

    The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.

  • CVE-2014-3626HigMar 19, 2018
    risk 0.49cvss 7.5epss 0.02

    The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the…

  • CVE-2018-6810HigMar 6, 2018
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.

  • CVE-2018-1316HigMar 5, 2018
    risk 0.49cvss 7.5epss 0.03

    The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion.…

  • CVE-2018-7586HigMar 1, 2018
    risk 0.49cvss 7.5epss 0.02

    In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.

  • CVE-2017-9447HigFeb 28, 2018
    risk 0.49cvss 7.5epss 0.02

    In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness…

  • CVE-2018-7482HigFeb 28, 2018
    risk 0.49cvss 7.5epss 0.02

    The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname…

  • CVE-2018-1299HigFeb 6, 2018
    risk 0.49cvss 7.5epss 0.03

    In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it…

  • CVE-2018-1048HigJan 24, 2018
    risk 0.49cvss 7.5epss 0.02

    It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of…

  • CVE-2018-6184HigJan 24, 2018
    risk 0.49cvss 7.5epss 0.09

    ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.

  • CVE-2015-9250HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.

  • CVE-2014-5068HigJan 11, 2018
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.

  • CVE-2017-17662HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.03

    Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for…

  • CVE-2017-1671HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.03

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.

  • CVE-2018-5283HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.02

    The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.

  • CVE-2018-5291HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

  • CVE-2018-5290HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.

  • CVE-2018-5289HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.

  • CVE-2018-5287HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.

  • CVE-2017-1000448HigJan 2, 2018
    risk 0.49cvss 7.5epss 0.02

    Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.