CVE-2012-4680
Published 2012-08-27
Priority: P4 · 32 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.75% (84.3th percentile)
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ioserver | ioserver | — | — |
GHSA
GHSA-h6mj-p863-8p6q: Directory traversal vulnerability in the XML Server in IOServer before 1
ghsa_unreviewed·2022-05-17
CVE-2012-4680 [MEDIUM] CWE-22 GHSA-h6mj-p863-8p6q: Directory traversal vulnerability in the XML Server in IOServer before 1
CISA ICS
IOServer OPC Server Multiple Vulnerabilities
cisa_ics·2013-05-01
ICS Advisory
Last Revised: May 01, 2013
Alert Code: ICSA-12-258-01
## Overview
Independent researcher Hinge of foofus.net has identified multiple vulnerabilities in IOServer’s OPC Server application (IOServer “Root Directory” Trailing Backslash Web Server Vuln, http://www.foofus.net/?page_id=616, Web site last accessed September 13, 2012). IOServer has released a new version of the product that partially mitigates these vulnerabilities. Hinge has tested the new version and found that it partially resolves these vulnerabilities. These vulnerabilities can