| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complex
ity
|
Authen
tication
|
Confiden
tiality
|
Integrity
|
Availa
bility
|
|
1 |
CVE-2012-2919 |
22 |
1
|
Dir. Trav. |
2012-05-21 |
2012-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. |
|
2 |
CVE-2012-2421 |
22 |
|
Dir. Trav. |
2012-04-25 |
2012-04-27 |
1.8 |
None |
Local Network |
High |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. |
|
3 |
CVE-2012-2215 |
22 |
|
Dir. Trav. |
2012-04-09 |
2012-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. |
|
4 |
CVE-2012-1918 |
22 |
|
Dir. Trav. |
2012-03-27 |
2012-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter. |
|
5 |
CVE-2012-1917 |
22 |
|
Dir. Trav. |
2012-03-27 |
2012-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence. |
|
6 |
CVE-2012-1841 |
22 |
|
Dir. Trav. |
2012-03-22 |
2012-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. |
|
7 |
CVE-2012-1839 |
22 |
|
Dir. Trav. |
2012-03-22 |
2012-04-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. |
|
8 |
CVE-2012-1790 |
22 |
2
|
Dir. Trav. |
2012-03-19 |
2012-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. |
|
9 |
CVE-2012-1497 |
22 |
|
Dir. Trav. |
2012-03-02 |
2012-03-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. |
|
10 |
CVE-2012-1289 |
22 |
|
Dir. Trav. |
2012-02-23 |
2012-02-24 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. |
|
11 |
CVE-2012-1226 |
22 |
1
|
Exec Code Dir. Trav. |
2012-02-21 |
2012-03-20 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. |
|
12 |
CVE-2012-1221 |
22 |
|
Dir. Trav. |
2012-02-21 |
2012-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. |
|
13 |
CVE-2012-1207 |
22 |
1
|
Dir. Trav. |
2012-02-24 |
2012-02-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php. |
|
14 |
CVE-2012-1196 |
22 |
|
Dir. Trav. |
2012-02-17 |
2012-02-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. |
|
15 |
CVE-2012-1089 |
22 |
|
Dir. Trav. |
2012-03-23 |
2012-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package. |
|
16 |
CVE-2012-1050 |
22 |
|
Dir. Trav. |
2012-02-13 |
2012-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header. |
|
17 |
CVE-2012-1047 |
22 |
1
|
Dir. Trav. |
2012-02-12 |
2012-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action. |
|
18 |
CVE-2012-1025 |
22 |
1
|
Dir. Trav. |
2012-02-07 |
2012-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. |
|
19 |
CVE-2012-1024 |
22 |
1
|
Dir. Trav. |
2012-02-07 |
2012-02-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
|
20 |
CVE-2012-0998 |
22 |
|
Dir. Trav. |
2012-02-24 |
2012-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. |
|
21 |
CVE-2012-0996 |
22 |
|
Dir. Trav. |
2012-02-24 |
2012-02-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. |
|
22 |
CVE-2012-0991 |
22 |
|
Dir. Trav. |
2012-02-07 |
2012-02-08 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. |
|
23 |
CVE-2012-0981 |
22 |
1
|
Dir. Trav. |
2012-02-02 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information. |
|
24 |
CVE-2012-0907 |
22 |
|
Dir. Trav. |
2012-01-20 |
2012-01-23 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive. |
|
25 |
CVE-2012-0898 |
22 |
1
|
Dir. Trav. |
2012-01-20 |
2012-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. |
|
26 |
CVE-2012-0896 |
22 |
2
|
Dir. Trav. |
2012-01-20 |
2012-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. |
|
27 |
CVE-2012-0697 |
22 |
|
Dir. Trav. |
2012-01-12 |
2012-01-23 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. |
|
28 |
CVE-2012-0403 |
22 |
|
Dir. Trav. |
2012-03-20 |
2012-04-17 |
6.3 |
None |
Remote |
Medium |
Single system |
Complete |
None |
None |
|
Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. |
|
29 |
CVE-2012-0365 |
22 |
|
Dir. Trav. |
2012-02-24 |
2012-03-06 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. |
|
30 |
CVE-2012-0294 |
22 |
|
Dir. Trav. |
2012-05-23 |
2012-05-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. |
|
31 |
CVE-2012-0246 |
22 |
|
Exec Code Dir. Trav. |
2012-04-02 |
2012-04-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. |
|
32 |
CVE-2012-0232 |
22 |
|
Dir. Trav. |
2012-03-15 |
2012-03-16 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. |
|
33 |
CVE-2011-5028 |
22 |
|
Dir. Trav. |
2011-12-29 |
2011-12-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. |
|
34 |
CVE-2011-4880 |
22 |
|
Dir. Trav. |
2012-04-13 |
2012-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request. |
|
35 |
CVE-2011-4878 |
22 |
|
Dir. Trav. |
2012-02-03 |
2012-02-06 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. |
|
36 |
CVE-2011-4876 |
22 |
|
Dir. Trav. |
2012-02-03 |
2012-02-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. |
|
37 |
CVE-2011-4835 |
22 |
|
Dir. Trav. |
2011-12-14 |
2011-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. |
|
38 |
CVE-2011-4832 |
22 |
1
|
Dir. Trav. |
2011-12-14 |
2011-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action. |
|
39 |
CVE-2011-4831 |
22 |
1
|
Dir. Trav. |
2011-12-14 |
2012-02-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action. |
|
40 |
CVE-2011-4813 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter. |
|
41 |
CVE-2011-4810 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. |
|
42 |
CVE-2011-4807 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. |
|
43 |
CVE-2011-4804 |
22 |
|
Dir. Trav. |
2011-12-13 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
|
44 |
CVE-2011-4800 |
22 |
1
|
Dir. Trav. |
2011-12-13 |
2012-03-05 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. |
|
45 |
CVE-2011-4788 |
22 |
|
Dir. Trav. |
2012-01-12 |
2012-02-09 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI. |
|
46 |
CVE-2011-4717 |
22 |
|
Dir. Trav. |
2011-12-20 |
2011-12-20 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. |
|
47 |
CVE-2011-4716 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2012-02-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. |
|
48 |
CVE-2011-4715 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2011-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. |
|
49 |
CVE-2011-4714 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2011-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL. |
|
50 |
CVE-2011-4713 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2011-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php. |
