CVE-2014-2575

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:*:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.3:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.6:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.9:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.10:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.11:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.6:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.7:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.9:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.10:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.11:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.12:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.7:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.10:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.11:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.12:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.13:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.14:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.6:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.7:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.9:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.10:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.11:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.12:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.6:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.7:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.10:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.11:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.12:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.13:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.15:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.16:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.6:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.7:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.6:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.7:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-06-06 14:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-2575

Mitre link : CVE-2014-2575

CVE.ORG link : CVE-2014-2575


JSON object : View

Products Affected

devexpress

  • aspxfilemanager_control_for_webforms_and_mvc
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')