Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-4931

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Oct, 2011 | 10:00
Updated At-16 Sep, 2024 | 20:07
Rejected At-
Credits

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Oct, 2011 | 10:00
Updated At:16 Sep, 2024 | 20:07
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/42456
vdb-entry
x_refsource_BID
http://www.exploit-db.com/exploits/14647
exploit
x_refsource_EXPLOIT-DB
http://attrition.org/pipermail/vim/2010-August/002391.html
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/42456
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.exploit-db.com/exploits/14647
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://attrition.org/pipermail/vim/2010-August/002391.html
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/42456
vdb-entry
x_refsource_BID
x_transferred
http://www.exploit-db.com/exploits/14647
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://attrition.org/pipermail/vim/2010-August/002391.html
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/42456
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/14647
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://attrition.org/pipermail/vim/2010-August/002391.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Oct, 2011 | 10:55
Updated At:11 Apr, 2025 | 00:51

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
php-fusion
php-fusion
>>php-fusion>>-
cpe:2.3:a:php-fusion:php-fusion:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://attrition.org/pipermail/vim/2010-August/002391.htmlcve@mitre.org
Exploit
Third Party Advisory
http://www.exploit-db.com/exploits/14647cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/42456cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://attrition.org/pipermail/vim/2010-August/002391.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
http://www.exploit-db.com/exploits/14647af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/42456af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://attrition.org/pipermail/vim/2010-August/002391.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://www.exploit-db.com/exploits/14647
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/42456
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://attrition.org/pipermail/vim/2010-August/002391.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: http://www.exploit-db.com/exploits/14647
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/42456
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

122Records found
CVE-2011-4135
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.61% / 92.98%
||
7 Day CHG~0.00%
Published-19 Jan, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.

Action-Not Available
Vendor-flexerasoftwaren/a
Product-flexnet_publishern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-12990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-91.07% / 99.63%
||
7 Day CHG~0.00%
Published-16 Jul, 2019 | 17:29
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-sd-wannetscaler_sd-wann/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-2241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.95% / 91.04%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupserver_protection_suitebusiness_protection_suiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-85.82% / 99.34%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 20:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-arcserve_backupserver_protection_suitebusiness_protection_suiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.98% / 82.84%
||
7 Day CHG~0.00%
Published-09 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.

Action-Not Available
Vendor-customcmsn/a
Product-ccmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-5997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.86% / 95.94%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.

Action-Not Available
Vendor-ravpowern/a
Product-filehub_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2008-1117
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-77.31% / 98.94%
||
7 Day CHG~0.00%
Published-14 Mar, 2008 | 20:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.

Action-Not Available
Vendor-netopian/a
Product-timbuktu_pron/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-14007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.53% / 88.73%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix XenServer 7.1 and newer allows Directory Traversal.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenservern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-41290
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.31%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 10:40
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOA BAS controller - Path Traversal-1

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device.

Action-Not Available
Vendor-ecoaECOA
Product-ecs_router_controller-ecs_firmwareecs_router_controller-ecsriskbusterriskterminatorriskbuster_firmwareECS Router Controller ECS (FLASH)RiskBuster System RB 3.0.0RiskBuster System TRANE 1.0Graphic Control SoftwareRiskBuster Terminator E6L45SmartHome II E9246RiskTerminator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-8947
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-66.25% / 98.46%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-ucmdb_configuration_managerUCMDB
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-5219
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.03% / 88.03%
||
7 Day CHG~0.00%
Published-02 Feb, 2017 | 06:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided in zip file will be extracted onto the filesystem. In this case, a web shell with the filename '..\WWWRoot\CustomPages\aspshell.asp' was included within the zip file that, when extracted, traversed back out of the inf directory and into the SageCRM webroot. This permitted remote interaction with the underlying filesystem with the highest privilege level, SYSTEM.

Action-Not Available
Vendor-sagecrmn/a
Product-sagecrmn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-38197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.31%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 15:18
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.

Action-Not Available
Vendor-go-unarr_projectn/a
Product-go-unarrn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16720
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-27.21% / 96.21%
||
7 Day CHG~0.00%
Published-05 Jan, 2018 | 08:00
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessAdvantech WebAccess
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-3495
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.34% / 91.92%
||
7 Day CHG~0.00%
Published-16 Sep, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

Action-Not Available
Vendor-measuresoftn/a
Product-scadapron/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-29212
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-15.48% / 94.39%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 13:18
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Action-Not Available
Vendor-n/aHP Inc.
Product-ilo_amplifier_packiLO Amplifier Pack
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-1900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-49.26% / 97.70%
||
7 Day CHG~0.00%
Published-04 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.

Action-Not Available
Vendor-indusoftn/a
Product-web_studion/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-2653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-83.20% / 99.22%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.

Action-Not Available
Vendor-n/aNovell
Product-zenworks_asset_managementn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-25140
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-5.60% / 89.95%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 16:08
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

Action-Not Available
Vendor-n/aHP Inc.
Product-moonshot_provisioning_managerHPE Moonshot Provisioning Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.73% / 71.69%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aNovell
Product-open_enterprise_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-6221
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-84.14% / 99.26%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_virtualizationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-8271
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-39.30% / 97.18%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 00:32
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-sd-wanCitrix SD-WAN Center
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5902
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 00:00
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerbig-ip_advanced_firewall_managerbig-ip_link_controllerbig-ip_global_traffic_managerssl_orchestratorbig-ip_ddos_hybrid_defenderbig-ip_application_acceleration_managerbig-ip_application_security_managerbig-ip_fraud_protection_servicebig-ip_domain_name_systembig-ip_analyticsbig-ip_local_traffic_managerbig-ip_policy_enforcement_managerbig-ip_advanced_web_application_firewallBIG-IPBIG-IP
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found