Lucene search
HistoryAug 18, 2015 - 5:59 p.m.
CVE-2015-4670
cve-2015-4670
directory traversal
devexpress
ajax control toolkit
remote attackers
file write vulnerability
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
7.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.5%
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a … (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
Affected configurations
Node
devexpressajax_control_toolkitRange≤15.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| devexpress:ajax_control_toolkit | devexpress ajax control toolkit | le | 15.0 |
Related
veracode
veracode
Directory Traversal
2018-07-09 02:38:11
nvd
nvd
CVE-2015-4670
2015-08-18 17:59:10
cvelist
cvelist
CVE-2015-4670
2015-08-18 17:00:00
securityvulns
securityvulns
CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal
2015-07-14 00:00:00
prion
prion
Directory traversal
2015-08-18 17:59:00
thn
thn
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets
2020-05-05 14:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
7.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.5%
Related for CVE-2015-4670