| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-5028 |
22 |
|
Dir. Trav. |
2011-12-29 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. |
|
2 |
CVE-2011-4835 |
22 |
|
Dir. Trav. |
2011-12-15 |
2011-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. |
|
3 |
CVE-2011-4832 |
22 |
1
|
Dir. Trav. |
2011-12-15 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action. |
|
4 |
CVE-2011-4831 |
22 |
1
|
Dir. Trav. |
2011-12-15 |
2012-02-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action. |
|
5 |
CVE-2011-4813 |
22 |
1
|
Dir. Trav. |
2011-12-14 |
2013-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter. |
|
6 |
CVE-2011-4810 |
22 |
1
|
Dir. Trav. |
2011-12-14 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. |
|
7 |
CVE-2011-4807 |
22 |
1
|
Dir. Trav. |
2011-12-14 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. |
|
8 |
CVE-2011-4804 |
22 |
|
Dir. Trav. |
2011-12-14 |
2012-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
|
9 |
CVE-2011-4800 |
22 |
1
|
Dir. Trav. |
2011-12-14 |
2020-07-28 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. |
|
10 |
CVE-2011-4717 |
22 |
|
Dir. Trav. |
2011-12-20 |
2011-12-20 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. |
|
11 |
CVE-2011-4716 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2013-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. |
|
12 |
CVE-2011-4715 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. |
|
13 |
CVE-2011-4714 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL. |
|
14 |
CVE-2011-4713 |
22 |
1
|
Dir. Trav. |
2011-12-08 |
2011-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php. |
|
15 |
CVE-2011-4712 |
22 |
|
Dir. Trav. |
2011-12-08 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. |
|
16 |
CVE-2011-4711 |
22 |
|
Dir. Trav. |
2011-12-08 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter. |
|
17 |
CVE-2011-4675 |
22 |
|
Dir. Trav. |
2011-12-05 |
2021-06-25 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932. |
|
18 |
CVE-2011-4596 |
22 |
|
Dir. Trav. |
2011-12-23 |
2018-11-16 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. |
|
19 |
CVE-2011-4543 |
22 |
|
Dir. Trav. |
2011-12-05 |
2018-01-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Application/templates_modules/pages/edit.php, or (c) OM/Core/Site/Admin/Application/templates_modules/pages/uninstall.php; the (3) set parameter to OM/Core/Site/Admin/Application/templates_modules/pages/main.php; the module parameter to (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, or (11) OM/Core/Site/Admin/Application/modules_shipping/pages/uninstall.php; the filter parameter to (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, or (14) OM/Core/Site/Admin/Application/templates_modules_layout/pages/edit.php; or the template parameter to (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, or (17) OM/Core/Site/Admin/Application/templates/pages/uninstall.php. |
|
20 |
CVE-2011-4431 |
22 |
|
Exec Code Dir. Trav. |
2011-11-10 |
2012-02-14 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter. |
|
21 |
CVE-2011-4404 |
16 |
|
Dir. Trav. |
2011-11-19 |
2011-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. |
|
22 |
CVE-2011-4168 |
22 |
|
Dir. Trav. |
2011-12-27 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. |
|
23 |
CVE-2011-4166 |
22 |
|
Dir. Trav. |
2011-12-27 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. |
|
24 |
CVE-2011-4122 |
22 |
|
+Priv Dir. Trav. |
2011-11-17 |
2017-08-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass. |
|
25 |
CVE-2011-4036 |
22 |
|
Dir. Trav. |
2011-12-02 |
2011-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
|
26 |
CVE-2011-4001 |
22 |
|
Dir. Trav. |
2011-12-01 |
2011-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors. |
|
27 |
CVE-2011-3848 |
22 |
|
Dir. Trav. |
2011-10-27 |
2019-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. |
|
28 |
CVE-2011-3837 |
22 |
|
Dir. Trav. |
2011-12-24 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php. |
|
29 |
CVE-2011-3500 |
22 |
|
Dir. Trav. |
2011-09-16 |
2011-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. |
|
30 |
CVE-2011-3495 |
22 |
|
Dir. Trav. |
2011-09-16 |
2012-02-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. |
|
31 |
CVE-2011-3487 |
22 |
|
Dir. Trav. |
2011-09-16 |
2017-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
|
32 |
CVE-2011-3357 |
22 |
|
Dir. Trav. |
2011-09-21 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. |
|
33 |
CVE-2011-3315 |
22 |
|
Dir. Trav. |
2011-10-27 |
2014-02-27 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. |
|
34 |
CVE-2011-3305 |
22 |
|
Dir. Trav. |
2011-10-06 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. |
|
35 |
CVE-2011-3229 |
22 |
|
Exec Code Dir. Trav. |
2011-10-14 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. |
|
36 |
CVE-2011-3171 |
22 |
|
Dir. Trav. |
2011-11-04 |
2017-08-29 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors. |
|
37 |
CVE-2011-2780 |
22 |
|
Dir. Trav. |
2011-07-19 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. |
|
38 |
CVE-2011-2757 |
22 |
1
|
Dir. Trav. |
2011-07-17 |
2011-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue. |
|
39 |
CVE-2011-2755 |
22 |
|
Dir. Trav. |
2011-07-17 |
2011-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. |
|
40 |
CVE-2011-2744 |
22 |
|
Exec Code Dir. Trav. |
2011-07-19 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. |
|
41 |
CVE-2011-2718 |
22 |
|
Dir. Trav. |
2011-08-01 |
2023-02-13 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. |
|
42 |
CVE-2011-2653 |
22 |
|
Exec Code Dir. Trav. |
2011-12-08 |
2012-03-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file. |
|
43 |
CVE-2011-2643 |
22 |
|
Dir. Trav. |
2011-08-01 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. |
|
44 |
CVE-2011-2524 |
22 |
|
Dir. Trav. |
2011-08-31 |
2012-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. |
|
45 |
CVE-2011-2508 |
22 |
|
Dir. Trav. |
2011-07-14 |
2018-10-09 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. |
|
46 |
CVE-2011-2474 |
22 |
|
Dir. Trav. |
2011-06-09 |
2011-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. |
|
47 |
CVE-2011-2472 |
22 |
|
Dir. Trav. |
2011-06-09 |
2017-08-29 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760. |
|
48 |
CVE-2011-2468 |
22 |
|
Dir. Trav. |
2011-06-09 |
2012-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request. |
|
49 |
CVE-2011-2167 |
22 |
|
Dir. Trav. |
2011-05-24 |
2017-08-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script. |
|
50 |
CVE-2011-1932 |
22 |
|
Dir. Trav. |
2011-12-05 |
2021-06-25 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game. |
