CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
Page 75 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8211 | | High | 0.49 | 7.5 | 0.03 | | Feb 3, 2017 | EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users… |
| CVE-2016-10184 | | High | 0.49 | 7.5 | 0.06 | | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. |
| CVE-2016-10183 | | High | 0.49 | 7.5 | 0.06 | | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. |
| CVE-2017-5182 | | High | 0.49 | 7.5 | 0.03 | | Jan 23, 2017 | Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for… |
| CVE-2016-3151 | | High | 0.49 | 7.5 | 0.04 | | Jan 12, 2017 | Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow… |
| CVE-2016-9210 | | High | 0.49 | 7.5 | 0.03 | | Dec 14, 2016 | A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2).… |
| CVE-2016-9177 | | High | 0.49 | 7.5 | 0.05 | | Nov 4, 2016 | Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |
| CVE-2015-1000006 | | High | 0.49 | 7.5 | 0.04 | | Oct 6, 2016 | Remote file download vulnerability in recent-backups v0.7 wordpress plugin |
| CVE-2015-1000005 | | High | 0.49 | 7.5 | 0.09 | | Oct 6, 2016 | Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin |
| CVE-2016-6023 | | High | 0.49 | 7.5 | 0.02 | | Oct 6, 2016 | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2016-8343 | | High | 0.49 | 7.5 | 0.04 | | Oct 5, 2016 | Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-6371 | | High | 0.49 | 7.5 | 0.05 | | Sep 12, 2016 | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. |
| CVE-2016-5049 | | High | 0.49 | 7.5 | 0.02 | | Aug 26, 2016 | Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter. |
| CVE-2016-1429 | | High | 0.49 | 7.5 | 0.07 | | Aug 8, 2016 | Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. |
| CVE-2016-6232 | | High | 0.49 | 7.5 | 0.04 | | Aug 2, 2016 | Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. |
| CVE-2016-4815 | | High | 0.49 | 7.5 | 0.02 | | Jun 19, 2016 | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-4814 | | High | 0.49 | 7.5 | 0.02 | | Jun 19, 2016 | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-2289 | | High | 0.49 | 7.5 | 0.02 | | Apr 1, 2016 | Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. |
| CVE-2016-1145 | | High | 0.49 | 7.5 | 0.04 | | Jan 30, 2016 | Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2015-6833 | | High | 0.49 | 7.5 | 0.05 | | Jan 19, 2016 | Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. |