Security Vulnerabilities, CVEs, Published In September 2013 (Directory traversal)

CVE-2013-5751

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.57%
Published
2013-09-16
Updated
2017-08-29

CVE-2013-5692

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
Max CVSS
8.5
EPSS Score
0.26%
Published
2013-09-30
Updated
2013-10-01

CVE-2013-5486

Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS
10.0
EPSS Score
97.13%
Published
2013-09-23
Updated
2016-09-16

CVE-2013-5216

Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.36%
Published
2013-09-12
Updated
2013-09-13

CVE-2013-4900

Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
Max CVSS
5.0
EPSS Score
1.45%
Published
2013-09-09
Updated
2013-09-13

CVE-2013-4315

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.
Max CVSS
5.0
EPSS Score
0.54%
Published
2013-09-16
Updated
2013-12-10

CVE-2013-3658

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
Max CVSS
9.4
EPSS Score
0.25%
Published
2013-09-10
Updated
2013-09-12

CVE-2013-2068

Public exploit
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
Max CVSS
9.4
EPSS Score
62.43%
Published
2013-09-28
Updated
2014-01-14

CVE-2013-1645

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.
Max CVSS
4.0
EPSS Score
0.17%
Published
2013-09-05
Updated
2013-09-26
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close