VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 9 of 275
  • CVE-2017-12791CriAug 23, 2017
    risk 0.64cvss 9.8epss 0.05

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

  • CVE-2015-0781CriAug 9, 2017
    risk 0.64cvss 9.8epss 0.04

    Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.

  • CVE-2017-11589CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.01

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd,…

  • CVE-2017-1000047CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.04

    rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution

  • CVE-2017-6821CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.04

    Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-9031CriMay 17, 2017
    risk 0.64cvss 9.8epss 0.03

    The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.

  • CVE-2017-8297CriApr 27, 2017
    risk 0.64cvss 9.8epss 0.03

    A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).

  • CVE-2017-8283CriApr 26, 2017
    risk 0.64cvss 9.8epss 0.05

    dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by…

  • CVE-2014-8704CriMar 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.

  • CVE-2017-5219CriFeb 2, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a…

  • CVE-2016-6517CriJan 23, 2017
    risk 0.64cvss 9.8epss 0.02

    Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.

  • CVE-2016-8204CriJan 14, 2017
    risk 0.64cvss 9.8epss 0.07

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-6138CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.06

    Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

  • CVE-2016-0752HigKEVFeb 16, 2016
    risk 0.64cvss 7.5epss 0.96

    Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render…

  • CVE-2015-0666HigKEVApr 3, 2015
    risk 0.64cvss 7.5epss 0.41

    Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

  • CVE-2009-4013CriFeb 2, 2010
    risk 0.64cvss 9.8epss 0.06

    Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field…

  • CVE-2024-31851HigApr 5, 2024
    risk 0.63cvss 8.6epss 0.03

    A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

  • CVE-2024-31850HigApr 5, 2024
    risk 0.63cvss 8.6epss 0.03

    A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

  • CVE-2023-5241CriOct 19, 2023
    risk 0.63cvss 9.6epss 0.02

    The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting…

  • CVE-2018-10357HigMay 23, 2018
    risk 0.63cvss 8.8epss 0.74

    A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.