CVE-2011-4450
Published 2012-09-05
CVE-2011-4450: Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files…
Priority: P3 45 medium
CVSS 2.0: 6.4 (vector AV:N/AC:L/Au:N/C:P/I:N/A:P)
EXPLOIT
EPSS: 7.48% (93.7th percentile)
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikkawiki | wikkawiki | — | — |
| wikkawiki | wikkawiki | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| vendor_redhat | — | 3.7 | LOW | — |
GHSA
GHSA-7pvf-w937-x95j: Directory traversal vulnerability in handlers/files
ghsa_unreviewed · 2022-05-17
CVE-2011-4450 [MEDIUM] CWE-22
Red Hat
CVE-2010-4450 [LOW]: OpenJDK Launcher incorrect processing of empty library path entries (6983554)
vendor_redhat · 2011-02-15 · CVSS 3.7
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
No detection rules found.
Published: 2012-09-05