Security Vulnerabilities, CVEs, Published In April 2011 (Directory traversal)
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
Max CVSS: 5.0 | EPSS Score: 4.31% | Published: 2011-04-18 | Updated: 2017-08-17
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2011-04-22 | Updated: 2017-08-17
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
Max CVSS: 5.0 | EPSS Score: 2.97% | Published: 2011-04-10 | Updated: 2017-08-17
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
Max CVSS: 7.5 | EPSS Score: 11.58% | Published: 2011-04-18 | Updated: 2021-04-12
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
Max CVSS: 5.0 | EPSS Score: 1.18% | Published: 2011-04-29 | Updated: 2017-08-17
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Max CVSS: 5.8 | EPSS Score: 0.49% | Published: 2011-04-27 | Updated: 2023-02-13
CVE-2011-1566
Public exploit
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
Max CVSS: 10.0 | EPSS Score: 86.93% | Published: 2011-04-05 | Updated: 2012-05-12
CVE-2011-1565
Public exploit
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.
Max CVSS: 10.0 | EPSS Score: 43.44% | Published: 2011-04-05 | Updated: 2011-09-22
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
Max CVSS: 6.0 | EPSS Score: 1.02% | Published: 2011-04-27 | Updated: 2017-08-17
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
Max CVSS: 6.8 | EPSS Score: 0.67% | Published: 2011-04-27 | Updated: 2017-08-17
Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
Max CVSS: 5.8 | EPSS Score: 0.31% | Published: 2011-04-27 | Updated: 2018-10-10
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.
Max CVSS: 10.0 | EPSS Score: 90.32% | Published: 2011-04-18 | Updated: 2018-10-10
12 vulnerabilities found