National Cyber-Alert System

Vulnerability Summary for CVE-2012-1617

Overview

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

Type: Patch Information; Exploit

Hyperlink:https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

External Source: CONFIRM

Name: https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a

Type: Patch Information; Exploit

Hyperlink:https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a

External Source: CONFIRM

Name: https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b

Type: Patch Information; Exploit

Hyperlink:https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b

External Source: MLIST

Name: [oss-security] 20120404 Re: CVE request: OSClass directory traversal vulnerability

Type: Patch Information; Exploit

Hyperlink:http://www.openwall.com/lists/oss-security/2012/04/04/7

External Source: CONFIRM

Name: http://osclass.org/2012/03/05/osclass-2-3-6/

Type: Patch Information; Exploit

Hyperlink:http://osclass.org/2012/03/05/osclass-2-3-6/

External Source: XF

Name: osclass-file-upload(73755)

Hyperlink:http://xforce.iss.net/xforce/xfdb/73755

External Source: XF

Name: osclass-directory-traversal(73754)

Hyperlink:http://xforce.iss.net/xforce/xfdb/73754

External Source: BID

Name: 52336

Hyperlink:http://www.securityfocus.com/bid/52336

External Source: MLIST

Name: [oss-security] 20120403 Re: CVE request: OSClass directory traversal vulnerability

Hyperlink:http://www.openwall.com/lists/oss-security/2012/04/03/1

External Source: MLIST

Name: [oss-security] 20120402 Re: CVE request: OSClass directory traversal vulnerability

Hyperlink:http://www.openwall.com/lists/oss-security/2012/04/02/6

External Source: MLIST

Name: [oss-security] 20120402 CVE request: OSClass directory traversal vulnerability

Hyperlink:http://www.openwall.com/lists/oss-security/2012/04/02/1

External Source: MISC

Name: http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability

Hyperlink:http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability

External Source: SECUNIA

Name: 48284

Type: Advisory

Hyperlink:http://secunia.com/advisories/48284

External Source: BUGTRAQ

Name: 20120307 OSClass directory traversal (leads to arbitrary file upload)

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html