{ "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1617", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20120307 OSClass directory traversal (leads to arbitrary file upload)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html" }, { "name": "48284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48284" }, { "name": "[oss-security] 20120403 Re: CVE request: OSClass directory traversal vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/03/1" }, { "name": "https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a", "refsource": "CONFIRM", "url": "https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a" }, { "name": "[oss-security] 20120404 Re: CVE request: OSClass directory traversal vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/04/7" }, { "name": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1", "refsource": "CONFIRM", "url": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1" }, { "name": "http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability", "refsource": "MISC", "url": "http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability" }, { "name": "http://osclass.org/2012/03/05/osclass-2-3-6/", "refsource": "CONFIRM", "url": "http://osclass.org/2012/03/05/osclass-2-3-6/" }, { "name": "52336", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52336" }, { "name": "[oss-security] 20120402 Re: CVE request: OSClass directory traversal vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/02/6" }, { "name": "https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b", "refsource": "CONFIRM", "url": "https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b" }, { "name": "[oss-security] 20120402 CVE request: OSClass directory traversal vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/02/1" }, { "name": "osclass-directory-traversal(73754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73754" }, { "name": "osclass-file-upload(73755)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73755" } ] } }