Security Vulnerabilities, CVEs, Published In September 2012 (Directory traversal)
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
Max CVSS: 5.0; EPSS Score: 3.11%; Published: 2012-09-23; Updated: 2017-08-29
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
Max CVSS: 7.5; EPSS Score: 2.06%; Published: 2012-09-19; Updated: 2017-08-29
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
Max CVSS: 5.0; EPSS Score: 0.54%; Published: 2012-09-06; Updated: 2017-08-29
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
Max CVSS: 5.0; EPSS Score: 10.56%; Published: 2012-09-06; Updated: 2012-09-07
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
Max CVSS: 9.0; EPSS Score: 0.22%; Published: 2012-09-25; Updated: 2017-08-29
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
Max CVSS: 6.4; EPSS Score: 0.40%; Published: 2012-09-25; Updated: 2017-08-29
Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request.
Max CVSS: 7.8; EPSS Score: 0.34%; Published: 2012-09-25; Updated: 2013-03-02
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.
Max CVSS: 6.4; EPSS Score: 1.67%; Published: 2012-09-26; Updated: 2017-08-29
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.
Max CVSS: 6.5; EPSS Score: 0.39%; Published: 2012-09-06; Updated: 2012-09-13
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
Max CVSS: 6.8; EPSS Score: 1.69%; Published: 2012-09-06; Updated: 2017-08-29
CVE-2012-0419
Public exploit
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
Max CVSS: 5.0; EPSS Score: 96.49%; Published: 2012-09-28; Updated: 2013-04-05
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Max CVSS: 6.4; EPSS Score: 0.52%; Published: 2012-09-05; Updated: 2012-09-13
12 vulnerabilities found