| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability |
| 1 | CVE-2012-2919 | 22 | 1 | Dir. Trav. | 2012-05-21 | 2012-05-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. |
| 2 | CVE-2012-2421 | 22 | | Dir. Trav. | 2012-04-25 | 2012-04-27 | 1.8 | None | Local Network | High | Not required | Partial | None | None |
| Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. |
| 3 | CVE-2012-2215 | 22 | | Dir. Trav. | 2012-04-09 | 2012-04-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. |
| 4 | CVE-2012-1919 | 94 | | Dir. Trav. | 2012-03-27 | 2012-03-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
| CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter. |
| 5 | CVE-2012-1918 | 22 | | Dir. Trav. | 2012-03-27 | 2012-03-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter. |
| 6 | CVE-2012-1917 | 22 | | Dir. Trav. | 2012-03-27 | 2012-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence. |
| 7 | CVE-2012-1841 | 22 | | Dir. Trav. | 2012-03-22 | 2012-04-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. |
| 8 | CVE-2012-1839 | 22 | | Dir. Trav. | 2012-03-22 | 2012-04-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. |
| 9 | CVE-2012-1790 | 22 | 2 | Dir. Trav. | 2012-03-19 | 2012-03-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. |
| 10 | CVE-2012-1497 | 22 | | Dir. Trav. | 2012-03-02 | 2012-03-05 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. |
| 11 | CVE-2012-1289 | 22 | | Dir. Trav. | 2012-02-23 | 2012-02-24 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. |
| 12 | CVE-2012-1226 | 22 | 1 | Exec Code Dir. Trav. | 2012-02-21 | 2012-03-20 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
| Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. |
| 13 | CVE-2012-1221 | 22 | | Dir. Trav. | 2012-02-21 | 2012-03-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. |
| 14 | CVE-2012-1207 | 22 | 1 | Dir. Trav. | 2012-02-24 | 2012-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php. |
| 15 | CVE-2012-1196 | 22 | | Dir. Trav. | 2012-02-17 | 2012-02-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. |
| 16 | CVE-2012-1172 | 20 | | DoS Dir. Trav. | 2012-05-23 | 2012-05-24 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
| The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. |
| 17 | CVE-2012-1089 | 22 | | Dir. Trav. | 2012-03-23 | 2012-03-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package. |
| 18 | CVE-2012-1050 | 22 | | Dir. Trav. | 2012-02-13 | 2012-02-13 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header. |
| 19 | CVE-2012-1047 | 22 | 1 | Dir. Trav. | 2012-02-12 | 2012-02-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action. |
| 20 | CVE-2012-1025 | 22 | 1 | Dir. Trav. | 2012-02-07 | 2012-02-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. |
| 21 | CVE-2012-1024 | 22 | 1 | Dir. Trav. | 2012-02-07 | 2012-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| 22 | CVE-2012-0998 | 22 | | Dir. Trav. | 2012-02-24 | 2012-02-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. |
| 23 | CVE-2012-0996 | 22 | | Dir. Trav. | 2012-02-24 | 2012-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. |
| 24 | CVE-2012-0991 | 22 | | Dir. Trav. | 2012-02-07 | 2012-02-08 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
| Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. |
| 25 | CVE-2012-0981 | 22 | 1 | Dir. Trav. | 2012-02-02 | 2012-02-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information. |
| 26 | CVE-2012-0907 | 22 | | Dir. Trav. | 2012-01-20 | 2012-01-23 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
| Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive. |
| 27 | CVE-2012-0898 | 22 | 1 | Dir. Trav. | 2012-01-20 | 2012-01-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. |
| 28 | CVE-2012-0896 | 22 | 2 | Dir. Trav. | 2012-01-20 | 2012-01-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. |
| 29 | CVE-2012-0697 | 22 | | Dir. Trav. | 2012-01-12 | 2012-01-23 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. |
| 30 | CVE-2012-0403 | 22 | | Dir. Trav. | 2012-03-20 | 2012-04-17 | 6.3 | None | Remote | Medium | Single system | Complete | None | None |
| Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. |
| 31 | CVE-2012-0365 | 22 | | Dir. Trav. | 2012-02-24 | 2012-03-06 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete |
| Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. |
| 32 | CVE-2012-0294 | 22 | | Dir. Trav. | 2012-05-23 | 2012-05-24 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
| Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. |
| 33 | CVE-2012-0246 | 22 | | Exec Code Dir. Trav. | 2012-04-02 | 2012-04-02 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. |
| 34 | CVE-2012-0232 | 22 | | Dir. Trav. | 2012-03-15 | 2012-03-16 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
| Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. |
| 35 | CVE-2011-4880 | 22 | | Dir. Trav. | 2012-04-13 | 2012-04-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request. |
| 36 | CVE-2011-4878 | 22 | | Dir. Trav. | 2012-02-03 | 2012-02-06 | 7.8 | None | Remote | Low | Not required | Complete | None | None |
| Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. |
| 37 | CVE-2011-4876 | 22 | | Dir. Trav. | 2012-02-03 | 2012-02-06 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. |
| 38 | CVE-2011-4788 | 22 | | Dir. Trav. | 2012-01-12 | 2012-02-09 | 7.8 | None | Remote | Low | Not required | Complete | None | None |
| Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI. |
| 39 | CVE-2011-4785 | 200 | | Dir. Trav. +Info | 2012-01-10 | 2012-01-17 | 7.8 | None | Remote | Low | Not required | Complete | None | None |
| Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419. |
| 40 | CVE-2011-4643 | 22 | 1 | Dir. Trav. | 2012-01-03 | 2012-01-31 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. |
| 41 | CVE-2011-4532 | 22 | | Dir. Trav. | 2012-01-08 | 2012-01-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. |
| 42 | CVE-2011-4135 | 22 | | Exec Code Dir. Trav. | 2012-01-19 | 2012-01-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
| Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389. |
| 43 | CVE-2011-1389 | 22 | | Exec Code Dir. Trav. | 2012-01-19 | 2012-01-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
| Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135. |
| 44 | CVE-2010-5102 | 22 | | Dir. Trav. | 2012-05-21 | 2012-05-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. |
| 45 | CVE-2010-5101 | 22 | | Dir. Trav. File Inclusion | 2012-05-21 | 2012-05-22 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." |
| 46 | CVE-2010-5086 | 22 | 1 | Dir. Trav. | 2012-03-19 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter. |
| 47 | CVE-2009-5114 | 22 | | Dir. Trav. | 2012-03-19 | 2012-03-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. |