Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-4717

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Dec, 2011 | 11:00
Updated At-17 Sep, 2024 | 02:10
Rejected At-
Credits

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Dec, 2011 | 11:00
Updated At:17 Sep, 2024 | 02:10
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://forum.zftpserver.com/viewtopic.php?f=4&t=2927
x_refsource_CONFIRM
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txt
x_refsource_MISC
Hyperlink: http://forum.zftpserver.com/viewtopic.php?f=4&t=2927
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txt
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://forum.zftpserver.com/viewtopic.php?f=4&t=2927
x_refsource_CONFIRM
x_transferred
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txt
x_refsource_MISC
x_transferred
Hyperlink: http://forum.zftpserver.com/viewtopic.php?f=4&t=2927
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Dec, 2011 | 11:55
Updated At:11 Apr, 2025 | 00:51

Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.5MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 5.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P
CPE Matches
zftpserver
zftpserver
>>zftpserver_suite>>6.0.0.52
cpe:2.3:a:zftpserver:zftpserver_suite:6.0.0.52:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://forum.zftpserver.com/viewtopic.php?f=4&t=2927cve@mitre.org
N/A
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txtcve@mitre.org
N/A
http://forum.zftpserver.com/viewtopic.php?f=4&t=2927af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://forum.zftpserver.com/viewtopic.php?f=4&t=2927
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://forum.zftpserver.com/viewtopic.php?f=4&t=2927
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-09.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

107Records found
CVE-2019-0226
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.9||MEDIUM
EPSS-1.62% / 81.05%
||
7 Day CHG~0.00%
Published-09 May, 2019 | 13:31
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.

Action-Not Available
Vendor-The Apache Software Foundation
Product-karafKaraf
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-1490
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.5||MEDIUM
EPSS-2.35% / 84.27%
||
7 Day CHG~0.00%
Published-01 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-0171
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.93% / 75.15%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_siteprotector_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-8163
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.73%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satelliten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-34129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 14:05
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.

Action-Not Available
Vendor-laiketuin/a
Product-laiketuin/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-26719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.26%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:43
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations.

Action-Not Available
Vendor-n/aGradle, Inc.
Product-test_distributionmavenenterprise_test_distribution_agentn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-24639
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.1||HIGH
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 10:06
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.

Action-Not Available
Vendor-ffwUnknown
Product-omgfOMGF | Host Google Fonts Locally
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found