CVE-2012-1025
published 2012-02-08
CVE-2012-1025: Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files…
Priority P3 · 35 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 6.21% (92.6th percentile)
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dream-multimedia-tv | enigma2_webinterface | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 6.8 MEDIUM
GHSA
GHSA-8xrc-jf3x-947m: Absolute path traversal vulnerability in file in Enigma2 Webinterface 1
ghsa_unreviewed·2022-05-17
CVE-2012-1025 [MEDIUM] CWE-22 GHSA-8xrc-jf3x-947m: Absolute path traversal vulnerability in file in Enigma2 Webinterface 1
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
Red Hat
Webkitgtk: google chrome update [30-April-2012]
vendor_redhat·2012-05-01·CVSS 6.8
CVE-2011-3078 [MEDIUM] Webkitgtk: google chrome update [30-April-2012]
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Webkitgtk: google chrome update [30-April-2012]
vendor_redhat·2012-05-01·CVSS 6.8
CVE-2011-3081 [MEDIUM] Webkitgtk: google chrome update [30-April-2012]
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Webkitgtk: google chrome update [30-April-2012]
vendor_redhat·2012-05-01·CVSS 6.8
CVE-2012-1521 [MEDIUM] Webkitgtk: google chrome update [30-April-2012]
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
vendor_redhat·2012-04-24·CVSS 6.8
CVE-2011-3062 [MEDIUM] CWE-193 Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
Red Hat
Webkitgtk: google chrome update [28-March-2012]
vendor_redhat·2012-03-28·CVSS 6.8
CVE-2011-3060 [MEDIUM] Webkitgtk: google chrome update [28-March-2012]
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Webkitgtk: google chrome update [28-March-2012]
vendor_redhat·2012-03-28·CVSS 6.8
CVE-2011-3059 [MEDIUM] Webkitgtk: google chrome update [28-March-2012]
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No writeups or analysis indexed.