CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 74 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4704 | Hig | 0.49 | 7.5 | 0.05 | May 23, 2017 | Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | ||
| CVE-2017-6652 | Hig | 0.49 | 7.5 | 0.04 | May 18, 2017 | A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability… | ||
| CVE-2017-9030 | Hig | 0.49 | 7.5 | 0.02 | May 17, 2017 | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | ||
| CVE-2016-10331 | Hig | 0.49 | 7.5 | 0.02 | May 12, 2017 | Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | ||
| CVE-2017-8921 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2017 | In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage… | ||
| CVE-2017-2163 | Hig | 0.49 | 7.5 | 0.02 | May 12, 2017 | Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | ||
| CVE-2017-8868 | Hig | 0.49 | 7.5 | 0.02 | May 10, 2017 | acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | ||
| CVE-2017-8853 | Hig | 0.49 | 7.5 | 0.01 | May 9, 2017 | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | ||
| CVE-2017-4980 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. | ||
| CVE-2017-7258 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as… | ||
| CVE-2017-5899 | Hig | 0.49 | 7.0 | 0.01 | Mar 27, 2017 | Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. | ||
| CVE-2017-3851 | Hig | 0.49 | 7.5 | 0.05 | Mar 22, 2017 | A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the… | ||
| CVE-2013-7462 | Hig | 0.49 | 7.5 | 0.02 | Mar 14, 2017 | A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system… | ||
| CVE-2016-9164 | Hig | 0.49 | 7.5 | 0.05 | Mar 7, 2017 | Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via… | ||
| CVE-2017-5168 | Hig | 0.49 | 7.5 | 0.04 | Feb 13, 2017 | An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests,… | ||
| CVE-2016-9364 | Hig | 0.49 | 7.5 | 0.02 | Feb 13, 2017 | An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server. | ||
| CVE-2016-9351 | Hig | 0.49 | 7.0 | 0.04 | Feb 13, 2017 | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | ||
| CVE-2016-8211 | Hig | 0.49 | 7.5 | 0.03 | Feb 3, 2017 | EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users… | ||
| CVE-2016-10184 | Hig | 0.49 | 7.5 | 0.06 | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | ||
| CVE-2016-10183 | Hig | 0.49 | 7.5 | 0.06 | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. |
- risk 0.49cvss 7.5epss 0.05
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
- risk 0.49cvss 7.5epss 0.04
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…
- risk 0.49cvss 7.5epss 0.02
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
- risk 0.49cvss 7.5epss 0.01
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage…
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.
- risk 0.49cvss 7.5epss 0.02
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
- risk 0.49cvss 7.5epss 0.01
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
- risk 0.49cvss 7.5epss 0.02
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
- risk 0.49cvss 7.5epss 0.02
HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as…
- risk 0.49cvss 7.0epss 0.01
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
- risk 0.49cvss 7.5epss 0.05
A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the…
- risk 0.49cvss 7.5epss 0.02
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system…
- risk 0.49cvss 7.5epss 0.05
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via…
- risk 0.49cvss 7.5epss 0.04
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests,…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server.
- risk 0.49cvss 7.0epss 0.04
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
- risk 0.49cvss 7.5epss 0.03
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users…
- risk 0.49cvss 7.5epss 0.06
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
- risk 0.49cvss 7.5epss 0.06
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.