Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS: 4.0 | EPSS Score: 1.44% | Published: 2011-12-29 | Updated: 2017-08-29

Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2011-12-15 | Updated: 2011-12-15

Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.
Max CVSS: 7.5 | EPSS Score: 1.43% | Published: 2011-12-15 | Updated: 2017-08-29

Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.
Max CVSS: 4.0 | EPSS Score: 0.42% | Published: 2011-12-15 | Updated: 2012-02-09

Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.
Max CVSS: 5.0 | EPSS Score: 0.51% | Published: 2011-12-14 | Updated: 2013-07-31

Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
Max CVSS: 5.0 | EPSS Score: 0.58% | Published: 2011-12-14 | Updated: 2012-02-10

Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
Max CVSS: 5.0 | EPSS Score: 0.57% | Published: 2011-12-14 | Updated: 2012-02-10

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Max CVSS: 5.0 | EPSS Score: 43.31% | Published: 2011-12-14 | Updated: 2012-02-10

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
Max CVSS: 9.0 | EPSS Score: 1.01% | Published: 2011-12-14 | Updated: 2020-07-28

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.
Max CVSS: 5.5 | EPSS Score: 0.39% | Published: 2011-12-20 | Updated: 2011-12-20

Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
Max CVSS: 5.0 | EPSS Score: 0.59% | Published: 2011-12-08 | Updated: 2013-08-22

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
Max CVSS: 5.0 | EPSS Score: 6.66% | Published: 2011-12-08 | Updated: 2017-08-29

Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
Max CVSS: 5.0 | EPSS Score: 2.57% | Published: 2011-12-08 | Updated: 2017-08-29

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
Max CVSS: 5.0 | EPSS Score: 6.15% | Published: 2011-12-08 | Updated: 2011-12-09

Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
Max CVSS: 5.0 | EPSS Score: 5.78% | Published: 2011-12-08 | Updated: 2018-10-09

Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter.
Max CVSS: 5.0 | EPSS Score: 0.34% | Published: 2011-12-08 | Updated: 2017-08-29

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.
Max CVSS: 6.4 | EPSS Score: 0.20% | Published: 2011-12-05 | Updated: 2021-06-25

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
Max CVSS: 6.0 | EPSS Score: 0.51% | Published: 2011-12-23 | Updated: 2018-11-16

Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Application/templates_modules/pages/edit.php, or (c) OM/Core/Site/Admin/Application/templates_modules/pages/uninstall.php; the (3) set parameter to OM/Core/Site/Admin/Application/templates_modules/pages/main.php; the module parameter to (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, or (11) OM/Core/Site/Admin/Application/modules_shipping/pages/uninstall.php; the filter parameter to (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, or (14) OM/Core/Site/Admin/Application/templates_modules_layout/pages/edit.php; or the template parameter to (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, or (17) OM/Core/Site/Admin/Application/templates/pages/uninstall.php.
Max CVSS: 7.5 | EPSS Score: 1.20% | Published: 2011-12-05 | Updated: 2018-01-06

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
Max CVSS: 6.5 | EPSS Score: 0.26% | Published: 2011-11-10 | Updated: 2012-02-14

CVE-2011-4404

Public exploit
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
Max CVSS: 5.0 | EPSS Score: 96.63% | Published: 2011-11-19 | Updated: 2011-12-13

Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
Max CVSS: 7.5 | EPSS Score: 10.83% | Published: 2011-12-27 | Updated: 2019-10-09

CVE-2011-4166

Public exploit
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
Max CVSS: 7.5 | EPSS Score: 95.57% | Published: 2011-12-27 | Updated: 2019-10-09

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.
Max CVSS: 6.9 | EPSS Score: 0.06% | Published: 2011-11-17 | Updated: 2017-08-29

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 2011-12-02 | Updated: 2011-12-02

110 vulnerabilities found