
CVE-2011-1715

Exploit
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
Data provided by the National Vulnerability Database (NVD)
Qooxdoo / Qooxdoo, version 1.3
Eyeos / Eyeos, version 2.2
Eyeos / Eyeos, version 2.3
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 8.88% | 0.946
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/
http://secunia.com/advisories/43818 (Vendor Advisory)
http://secunia.com/advisories/43997 (Vendor Advisory)
http://www.exploit-db.com/exploits/17127 (Exploit)
http://www.securityfocus.com/bid/47184 (Exploit)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66574
http://osvdb.org/71719 (Exploit)
http://osvdb.org/71721
http://www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.html (Exploit)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66575