VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 72 of 275
  • CVE-2017-14196HigNov 30, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.

  • CVE-2017-16762HigNov 10, 2017
    risk 0.49cvss 7.5epss 0.02

    Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.

  • CVE-2017-11511HigNov 8, 2017
    risk 0.49cvss 7.5epss 0.04

    The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.

  • CVE-2014-0115HigOct 30, 2017
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

  • CVE-2017-15805HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.02

    Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.

  • CVE-2017-10933HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.

  • CVE-2015-1429HigOct 6, 2017
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.

  • CVE-2017-15079HigOct 6, 2017
    risk 0.49cvss 7.5epss 0.03

    The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.

  • CVE-2017-1577HigSep 28, 2017
    risk 0.49cvss 7.5epss 0.03

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

  • CVE-2017-14722HigSep 23, 2017
    risk 0.49cvss 7.5epss 0.08

    Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

  • CVE-2017-10931HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.01

    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

  • CVE-2017-14514HigSep 17, 2017
    risk 0.49cvss 7.5epss 0.02

    Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.

  • CVE-2017-14120HigSep 3, 2017
    risk 0.49cvss 7.5epss 0.02

    unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

  • CVE-2017-13780HigAug 30, 2017
    risk 0.49cvss 7.5epss 0.02

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.

  • CVE-2017-3163HigAug 30, 2017
    risk 0.49cvss 7.5epss 0.07

    When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special…

  • CVE-2016-8752HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.02

    Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.

  • CVE-2015-1876HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in ES File Explorer 3.2.4.1.

  • CVE-2015-1386HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in unshield 1.0-1.

  • CVE-2015-1199HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in ppmd 10.1-5.

  • CVE-2015-1198HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.03

    Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.