CVE-2016-6269

CRITICAL Year: 2016
CVSS v3 Score
9.1
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-22
View all →

Vulnerability Description

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.

Related Vulnerabilities

CVE-2012-6664

CRITICAL
CVSS:9.1(Critical)

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get ...

CWE-222012

CVE-2014-10390

CRITICAL
CVSS:9.1(Critical)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

CWE-222014

CVE-2014-3702

CRITICAL
CVSS:9.1(Critical)

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot ...

CWE-222014

CVE-2015-4068

CRITICAL
CVSS:9.1(Critical)

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFile...

CWE-222015

CVE-2015-5609

CRITICAL
CVSS:9.1(Critical)

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

CWE-222015

CVE-2015-9277

CRITICAL
CVSS:9.1(Critical)

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

CWE-222015