CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3323 22 Dir. Trav. 2014-07-17 2014-08-01
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
2 CVE-2014-3319 22 Dir. Trav. 2014-07-14 2014-07-18
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
3 CVE-2014-3318 20 Dir. Trav. 2014-07-10 2014-07-18
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
4 CVE-2014-3317 22 Dir. Trav. 2014-07-14 2014-07-18
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
5 CVE-2014-2145 22 Dir. Trav. 2014-04-05 2014-04-07
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
6 CVE-2014-0666 22 Exec Code Dir. Trav. 2014-01-16 2014-01-23
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.
7 CVE-2013-6975 22 Dir. Trav. 2014-05-20 2014-05-20
4.6
None Local Low Single system Complete None None
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
8 CVE-2013-6688 22 Dir. Trav. 2013-11-17 2013-11-19
6.3
None Remote Medium Single system None Complete None
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
9 CVE-2013-5554 22 Dir. Trav. 2013-11-07 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
10 CVE-2013-5534 22 Exec Code Dir. Trav. 2013-10-19 2013-10-21
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
11 CVE-2013-5528 22 Dir. Trav. 2013-10-10 2013-10-23
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
12 CVE-2013-5486 78 1 Exec Code Dir. Trav. 2013-09-23 2014-01-17
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
13 CVE-2013-3457 22 Dir. Trav. 2013-08-12 2013-09-10
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
14 CVE-2013-3429 22 Dir. Trav. 2013-07-25 2013-08-19
7.8
None Remote Low Not required Complete None None
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
15 CVE-2013-1224 22 Dir. Trav. 2013-05-09 2013-07-08
7.8
None Remote Low Not required None Complete None
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
16 CVE-2013-1167 22 DoS Dir. Trav. 2013-04-11 2013-04-11
7.1
None Remote Medium Not required None None Complete
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
17 CVE-2013-1156 22 Dir. Trav. 2013-05-01 2013-05-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
18 CVE-2012-4141 264 Dir. Trav. 2013-10-05 2013-10-23
6.2
None Local Low Single system Complete Complete None
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
19 CVE-2012-4135 22 Dir. Trav. 2013-12-21 2013-12-23
4.6
None Local Low Single system None Complete None
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
20 CVE-2012-4131 22 Dir. Trav. 2013-12-21 2013-12-23
4.6
None Local Low Single system Complete None None
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
21 CVE-2012-4104 22 Dir. Trav. 2013-10-02 2013-10-03
6.6
None Local Medium Single system Complete Complete Complete
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.
22 CVE-2012-0365 22 Dir. Trav. 2012-02-24 2012-03-06
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009.
23 CVE-2011-3315 22 Dir. Trav. 2011-10-27 2014-02-27
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
24 CVE-2011-3305 22 Dir. Trav. 2011-10-06 2011-10-20
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
25 CVE-2011-1607 22 Dir. Trav. 2011-05-03 2011-05-11
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
26 CVE-2011-0966 22 1 Dir. Trav. 2011-05-20 2011-05-24
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
27 CVE-2010-1577 22 Dir. Trav. 2010-07-28 2010-07-28
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.
28 CVE-2010-1571 22 Dir. Trav. 2010-06-09 2010-06-17
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
29 CVE-2010-0146 22 Dir. Trav. 2010-02-23 2010-02-24
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
30 CVE-2009-2047 22 Dir. Trav. 2009-07-16 2009-09-25
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
31 CVE-2009-1559 22 Dir. Trav. 2009-05-06 2009-05-08
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible.
32 CVE-2009-1558 22 Dir. Trav. 2009-05-06 2009-05-08
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
33 CVE-2009-1161 22 Dir. Trav. 2009-05-21 2009-06-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
34 CVE-2009-0615 22 Dir. Trav. 2009-02-26 2009-03-03
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
35 CVE-2002-0908 Dir. Trav. 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
36 CVE-2001-0020 Dir. Trav. 2001-02-12 2008-09-05
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.