CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities Published In 2013 (Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6688 22 Dir. Trav. 2013-11-17 2013-11-19
6.3
None Remote Medium Single system None Complete None
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
2 CVE-2013-5554 22 Dir. Trav. 2013-11-07 2013-11-08
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
3 CVE-2013-5534 22 Exec Code Dir. Trav. 2013-10-19 2013-10-21
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
4 CVE-2013-5528 22 Dir. Trav. 2013-10-10 2013-10-23
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
5 CVE-2013-5486 78 1 Exec Code Dir. Trav. 2013-09-23 2014-01-17
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
6 CVE-2013-3457 22 Dir. Trav. 2013-08-12 2013-09-10
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
7 CVE-2013-3429 22 Dir. Trav. 2013-07-25 2013-08-19
7.8
None Remote Low Not required Complete None None
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
8 CVE-2013-1224 22 Dir. Trav. 2013-05-09 2013-07-08
7.8
None Remote Low Not required None Complete None
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
9 CVE-2013-1167 22 DoS Dir. Trav. 2013-04-11 2013-04-11
7.1
None Remote Medium Not required None None Complete
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
10 CVE-2013-1156 22 Dir. Trav. 2013-05-01 2013-05-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
11 CVE-2012-4141 264 Dir. Trav. 2013-10-05 2013-10-23
6.2
None Local Low Single system Complete Complete None
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
12 CVE-2012-4135 22 Dir. Trav. 2013-12-21 2013-12-23
4.6
None Local Low Single system None Complete None
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
13 CVE-2012-4131 22 Dir. Trav. 2013-12-21 2013-12-23
4.6
None Local Low Single system Complete None None
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
14 CVE-2012-4104 22 Dir. Trav. 2013-10-02 2013-10-03
6.6
None Local Medium Single system Complete Complete Complete
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.