{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "107742", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/show/osvdb/107742"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2"}, {"name": "67902", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67902"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html"}, {"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Jun/24"}, {"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager"}, {"name": "33700", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/33700"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "107742", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/107742"}, {"name": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2", "refsource": "CONFIRM", "url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2"}, {"name": "67902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67902"}, {"name": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html"}, {"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jun/24"}, {"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded"}, {"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager", "refsource": "MISC", "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager"}, {"name": "33700", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33700"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:21:34.664Z"}, "title": "CVE Program Container", "references": [{"name": "107742", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/show/osvdb/107742"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2"}, {"name": "67902", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67902"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html"}, {"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Jun/24"}, {"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager"}, {"name": "33700", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/33700"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2575", "datePublished": "2014-06-06T14:00:00", "dateReserved": "2014-03-21T00:00:00", "dateUpdated": "2024-08-06T10:21:34.664Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DE44CD4-8B78-41DB-BD93-320AACCF04EC", "versionEndIncluding": "13.1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B481A50-F12D-49C1-993F-BDA9B6469308", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D29EAF0-1BF5-4688-8A61-3F1CEB391EA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C1CE9AE-FA74-496D-9322-B0E43C322313", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "126F2377-DB2A-444D-ADA3-FA3FDBCE2F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "1DE2FF8D-3A08-4A63-8C5A-FD008A455950", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7B67F786-CC7F-4D1C-8AB6-B31176196C8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F10E34D-990E-48CE-A29E-C7BC4A5F274D", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "94B8D8A9-8833-4207-AA13-6BF8212EFAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "8566F558-15DE-47A9-A1A4-32E1B100F404", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD706CF4-4009-4DED-BE36-2BB2B02B0106", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3204F394-0D37-42C4-9D1E-808B7ED64CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "83BA500D-9F1E-44F1-8B5E-C7D91745B482", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E02E5FB-2337-4F73-BFD2-8F04A82B5838", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B30C4624-8C2A-46F6-8FD0-06A297FBBBA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "2524E3FA-EA15-40F7-B9CD-A11F20F8D2FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2408EC5C-38FD-4FAF-9311-ED7DE5068602", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "A516EC58-205E-493C-95CF-E394AD9C79BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D3315814-ACF4-4A9F-BE8D-CCDF48F4C07B", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "312D1205-77DD-4555-821B-AC15AA04D0C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "865CF2CB-0C62-4691-B437-A7F0E845E108", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "11D46952-D9A8-4AB2-BD88-C7AF334345D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA24423E-7B02-4E7D-ADF3-6F2CA3AD3A97", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "2A145FD1-138D-4AE5-A7F5-1F366C899A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "1FF9ED2F-71CF-43C4-BADA-21127449BF11", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "0B04575E-5EA9-4C11-BF05-CB0325CF5FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "3B33F742-3C02-4C5E-965C-A548AF1CAD23", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "BA960FFA-66FD-4241-B030-68E30E2A1EC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "A866BAEA-10C1-4986-8A53-1601AA35EEC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "35F04C61-4120-4491-8A52-3462222E6360", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D6E1AB2F-0983-4A11-AB33-07A96E8981B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "374B69E8-1FAE-42DC-A12B-07108D972596", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7C99452E-F48E-4B5E-83FE-8C43D4A1C57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F712ED9-0E3E-40B8-84C7-15F6019E7D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "044389B4-E88E-4660-AE1D-6B5DCE9BA5F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "8E6A7903-1569-4E88-ACB2-F6F896D7E331", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "33A040AF-86AA-4C75-AC19-6C3B9F8033AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8C8FB2D0-9E36-4807-B11B-E7A14845485A", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "8DB83B47-1EEC-4F17-8856-8CF21C9D9B07", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DC32505-5486-4A8F-A1AE-36DAE7BCDF1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6867507-D95E-4061-83ED-3EA51D7DA3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E24C61E-9BF0-45BE-8C2F-5FF576C2C4DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C007F30-A64F-4542-8C76-E7D343A2C603", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "94BF704B-E5F1-41E4-AC99-9D79D85AB0ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "44AB35BD-B5A7-4A1C-A764-287336B6EEE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "6CF07C99-A211-47BC-AB8B-F63107242EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "29EA3426-2223-47A8-8DF9-3616C35194BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "F633C7F5-B02E-468A-913F-059213222FE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "FCE47FC1-7C86-47AB-89DA-178EAAF78FA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "894863DD-5F0A-45EC-A4C5-9B17ED0A24F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "96808DEB-8CA2-42E8-8B9D-2006BDAEB3FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "60B11BEE-7A58-4C74-8FFD-4E1BBE687B75", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "38AE5721-4F6D-4FC3-BC23-A78572B95692", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "331DE4BF-A200-45FB-930A-63BD6757F290", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "64DD6C1A-C293-4D41-A33E-C37001E96139", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0EFBB270-0F21-43C1-9F6A-898B34A7358F", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "AC6ED3EC-A009-4162-8C81-3DAD2ABF0098", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD25EFB6-9BB7-42B9-97CE-CB38B000224C", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "48D104EE-02E5-45C6-9BF9-C378447B5117", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3E9FC164-8240-49D0-87B4-2BA94FF176BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "53C84B8E-4EB1-460A-A6DA-C49B43481D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "691BBC94-1724-4C66-85EB-F939B2A8C4E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el componente File Manager en DevExpress ASPxFileManager Control para ASP.NET WebForms y MVC anterior a 13.1.10 y 13.2.x anterior a 13.2.9 permite a usuarios remotos autenticados leer o escribir archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro __EVENTARGUMENT."}], "evaluatorComment": "Per: http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2\n\n\"Affected Products\n\nASPxFileManager Control for WebForms and MVC (v10.2 and higher)\"", "id": "CVE-2014-2575", "lastModified": "2024-11-21T02:06:33.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-06T14:55:04.870", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/show/osvdb/107742"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Jun/24"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/33700"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67902"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/show/osvdb/107742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Jun/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/33700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}