VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 75 of 275
  • CVE-2016-8211HigFeb 3, 2017
    risk 0.49cvss 7.5epss 0.03

    EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users…

  • CVE-2016-10184HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.06

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.

  • CVE-2016-10183HigJan 30, 2017
    risk 0.49cvss 7.5epss 0.06

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.

  • CVE-2017-5182HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.03

    Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for…

  • CVE-2016-3151HigJan 12, 2017
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow…

  • CVE-2016-9210HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2).…

  • CVE-2016-9177HigNov 4, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2015-1000006HigOct 6, 2016
    risk 0.49cvss 7.5epss 0.04

    Remote file download vulnerability in recent-backups v0.7 wordpress plugin

  • CVE-2015-1000005HigOct 6, 2016
    risk 0.49cvss 7.5epss 0.09

    Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin

  • CVE-2016-6023HigOct 6, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.

  • CVE-2016-8343HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-6371HigSep 12, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

  • CVE-2016-5049HigAug 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.

  • CVE-2016-1429HigAug 8, 2016
    risk 0.49cvss 7.5epss 0.07

    Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.

  • CVE-2016-6232HigAug 2, 2016
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

  • CVE-2016-4815HigJun 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-4814HigJun 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-2289HigApr 1, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.

  • CVE-2016-1145HigJan 30, 2016
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-6833HigJan 19, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.