VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 93 of 275
  • CVE-2019-0191MedMar 21, 2019
    risk 0.43cvss 6.5epss 0.05

    Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in…

  • CVE-2016-7041MedSep 10, 2018
    risk 0.43cvss 6.5epss 0.04

    Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

  • CVE-2018-1002202MedJul 25, 2018
    risk 0.43cvss 6.5epss 0.13

    zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-3714MedJun 7, 2018
    risk 0.43cvss 6.5epss 0.09

    node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

  • CVE-2018-11137MedMay 31, 2018
    risk 0.43cvss 6.5epss 0.06

    The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.

  • CVE-2017-16596MedJan 23, 2018
    risk 0.43cvss 6.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be…

  • CVE-2017-16595MedJan 23, 2018
    risk 0.43cvss 6.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be…

  • CVE-2017-16592MedJan 23, 2018
    risk 0.43cvss 6.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be…

  • CVE-2017-16591MedJan 23, 2018
    risk 0.43cvss 6.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be…

  • CVE-2017-16877HigNov 17, 2017
    risk 0.43cvss 7.5epss 0.14

    ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

  • CVE-2017-7693MedAug 26, 2017
    risk 0.43cvss 6.5epss 0.04

    Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.

  • CVE-2015-1395HigAug 25, 2017
    risk 0.43cvss 7.5epss 0.11

    Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

  • CVE-2017-7675HigAug 11, 2017
    risk 0.43cvss 7.5epss 0.10

    The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

  • CVE-2017-6758MedAug 7, 2017
    risk 0.43cvss 6.5epss 0.04

    A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient…

  • CVE-2015-7780MedJun 27, 2017
    risk 0.43cvss 6.5epss 0.11

    Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.

  • CVE-2017-9416MedJun 4, 2017
    risk 0.43cvss 6.5epss 0.06

    Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.

  • CVE-2015-5469HigMay 23, 2017
    risk 0.43cvss 7.5epss 0.10

    Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.

  • CVE-2017-6636MedMay 22, 2017
    risk 0.43cvss 6.5epss 0.06

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper…

  • CVE-2016-5725MedJan 19, 2017
    risk 0.43cvss 5.9epss 0.24

    Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

  • CVE-2016-8827MedDec 16, 2016
    risk 0.43cvss 6.5epss 0.05

    NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.