CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-6324 22 Dir. Trav. 2012-12-21 2012-12-24
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
2 CVE-2012-6064 22 1 Dir. Trav. CSRF 2012-12-03 2012-12-04
3.5
None Remote Medium Single system None Partial None
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.
3 CVE-2012-6038 22 1 Dir. Trav. 2012-11-26 2012-11-27
6.5
None Remote Low Single system Partial Partial Partial
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
4 CVE-2012-5978 22 Dir. Trav. 2012-12-19 2013-11-02
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
5 CVE-2012-5969 22 Dir. Trav. 2012-12-19 2012-12-19
4.8
None Local Network Low Not required Partial Partial None
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi.
6 CVE-2012-5931 22 Dir. Trav. 2012-12-24 2013-01-08
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
7 CVE-2012-5907 22 1 Dir. Trav. 2012-11-17 2012-11-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
8 CVE-2012-5687 22 1 Dir. Trav. 2012-11-01 2013-11-24
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
9 CVE-2012-5386 22 Dir. Trav. 2012-10-11 2012-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10 CVE-2012-5344 22 Dir. Trav. 2012-10-09 2013-01-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
11 CVE-2012-5335 22 1 Dir. Trav. 2012-10-08 2013-01-31
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
12 CVE-2012-5331 22 1 Dir. Trav. 2012-10-08 2013-01-31
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
13 CVE-2012-5171 22 Dir. Trav. 2012-11-08 2012-12-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file.
14 CVE-2012-5100 22 Dir. Trav. 2012-09-23 2012-09-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
15 CVE-2012-5051 22 Dir. Trav. 2012-10-05 2013-02-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors.
16 CVE-2012-4997 22 1 Dir. Trav. 2012-09-19 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
17 CVE-2012-4991 22 1 Dir. Trav. 2012-12-13 2012-12-13
8.5
None Remote Low Single system Complete Complete None
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
18 CVE-2012-4959 22 Dir. Trav. 2012-11-18 2012-11-19
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
19 CVE-2012-4958 22 Dir. Trav. 2012-11-18 2012-11-19
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
20 CVE-2012-4957 22 Dir. Trav. 2012-11-18 2012-11-19
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
21 CVE-2012-4940 22 Dir. Trav. 2012-10-31 2013-02-25
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
22 CVE-2012-4878 22 1 Dir. Trav. 2012-09-06 2012-09-10
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
23 CVE-2012-4867 22 2 Dir. Trav. 2012-09-06 2012-09-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
24 CVE-2012-4834 22 Dir. Trav. 2012-11-30 2013-04-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
25 CVE-2012-4680 22 Dir. Trav. 2012-08-27 2013-07-25
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
26 CVE-2012-4616 22 Dir. Trav. 2012-12-26 2012-12-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
27 CVE-2012-4596 22 Dir. Trav. Bypass 2012-08-22 2013-04-10
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL.
28 CVE-2012-4506 22 Dir. Trav. 2012-10-22 2012-10-23
4.6
None Remote High Single system Partial Partial Partial
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
29 CVE-2012-4356 22 Dir. Trav. 2012-08-19 2012-08-20
4.3
None Remote Medium Not required Partial None None
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
30 CVE-2012-4347 22 Dir. Trav. 2012-12-05 2013-10-11
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
31 CVE-2012-4253 22 1 Dir. Trav. 2012-08-13 2012-08-14
4.3
None Remote Medium Not required Partial None None
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
32 CVE-2012-4031 22 1 Dir. Trav. 2012-07-17 2012-08-24
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
33 CVE-2012-4027 264 Dir. Trav. 2012-07-16 2012-07-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
34 CVE-2012-3865 22 Dir. Trav. 2012-08-06 2014-10-10
3.5
None Remote Medium Single system None None Partial
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
35 CVE-2012-3588 22 1 Dir. Trav. 2012-06-19 2012-08-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
36 CVE-2012-3380 22 Dir. Trav. 2012-08-31 2012-09-05
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
37 CVE-2012-3360 22 Dir. Trav. 2012-07-22 2012-08-16
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
38 CVE-2012-3324 22 Dir. Trav. 2012-09-25 2012-09-26
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
39 CVE-2012-3305 22 Dir. Trav. 2012-09-25 2013-01-28
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
40 CVE-2012-3011 22 Dir. Trav. 2012-09-25 2013-03-01
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request.
41 CVE-2012-2968 22 Dir. Trav. 2012-08-12 2012-09-04
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.
42 CVE-2012-2919 22 1 Dir. Trav. 2012-05-21 2012-05-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
43 CVE-2012-2597 22 Dir. Trav. 2012-06-08 2012-06-12
4.0
None Remote Low Single system Partial None None
Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL.
44 CVE-2012-2560 22 Dir. Trav. 2012-07-04 2012-07-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001.
45 CVE-2012-2435 22 Dir. Trav. CSRF 2012-05-27 2012-05-29
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
46 CVE-2012-2421 22 Dir. Trav. 2012-04-25 2012-04-27
1.8
None Local Network High Not required Partial None None
Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.
47 CVE-2012-2227 22 1 Exec Code Dir. Trav. 2012-08-26 2012-10-30
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
48 CVE-2012-2215 22 Dir. Trav. 2012-04-09 2012-11-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
49 CVE-2012-2208 22 1 Dir. Trav. 2012-08-14 2012-12-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
50 CVE-2012-2202 22 Dir. Trav. 2012-07-27 2012-11-06
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.
Total number of vulnerabilities : 122   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.