Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://osvdb.org/show/osvdb/107742 | vdb-entry x_refsource_OSVDB |
| http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/67902 | vdb-entry x_refsource_BID |
| http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/Jun/24 | mailing-list x_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/532304/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager | x_refsource_MISC |
| http://www.exploit-db.com/exploits/33700 | exploit x_refsource_EXPLOIT-DB |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://osvdb.org/show/osvdb/107742 | vdb-entry x_refsource_OSVDB x_transferred |
| http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 | x_refsource_CONFIRM x_transferred |
| http://www.securityfocus.com/bid/67902 | vdb-entry x_refsource_BID x_transferred |
| http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html | x_refsource_MISC x_transferred |
| http://seclists.org/fulldisclosure/2014/Jun/24 | mailing-list x_refsource_FULLDISC x_transferred |
| http://www.securityfocus.com/archive/1/532304/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager | x_refsource_MISC x_transferred |
| http://www.exploit-db.com/exploits/33700 | exploit x_refsource_EXPLOIT-DB x_transferred |
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |