Security Vulnerabilities, CVEs, Published In September 2011 (Directory traversal)

Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.

Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.

Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.

Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.