Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-1715
Last Modified 19 Apr 2011 12:00:00
Published 18 Apr 2011 02:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1715

Summary

Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3 and possibly other products, allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.

Vulnerable Systems

Application

  • Qooxdoo 1.3


References

XF - eyeos-delay-file-include(66575)

XF - eyeos-jsonpprimitive-xss(66574)

BID - 47184

EXPLOIT-DB - 17127

MISC - http://www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.html

SECUNIA - 43997

SECUNIA - 43818

OSVDB - 71721

OSVDB - 71719

CONFIRM - http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/


Last Updated: 27 May 2016 10:56:24