Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:DIR:PARAMETER-TRAVERSE

Severity

 Major

Recommended

 No

Category

 HTTP

Keywords

 Parameter Directory Traversal

Release Date

 2003/08/12

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Parameter Directory Traversal


This signature detects directory traversal attempts within HTTP GET or POST form parameters. Attackers can exploit a poorly-written CGI program to access or modify private files.

Extended Description

MidiCMS Website Builder is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. MidiCMS Website Builder 2011 is vulnerable; other versions may also be affected.

Affected Products

  • Midicms_software midicms_website_builder 2011

References

  • BugTraq: 101527
  • BugTraq: 52532
  • BugTraq: 74395
  • BugTraq: 66973
  • BugTraq: 71404
  • BugTraq: 44852
  • BugTraq: 58385
  • BugTraq: 68632
  • BugTraq: 68361
  • BugTraq: 68540
  • BugTraq: 20160204
  • BugTraq: 74792
  • BugTraq: 68544
  • BugTraq: 9971
  • BugTraq: 9966
  • BugTraq: 69494
  • BugTraq: 101789
  • BugTraq: 47970
  • BugTraq: 39114
  • CVE: CVE-2015-1376
  • CVE: CVE-2015-2995
  • CVE: CVE-2018-17533
  • CVE: CVE-2017-12285
  • CVE: CVE-2017-5795
  • CVE: CVE-2014-6036
  • CVE: CVE-2015-3897
  • CVE: CVE-2012-4915
  • CVE: CVE-2014-5005
  • CVE: CVE-2014-6034
  • CVE: CVE-2018-15705
  • CVE: CVE-2018-15535
  • CVE: CVE-1999-077
  • CVE: CVE-2013-4823
  • CVE: CVE-2012-5206
  • CVE: CVE-2012-5208
  • CVE: CVE-2013-5486
  • CVE: CVE-2013-6810
  • CVE: CVE-1999-0229
  • CVE: CVE-2014-2210
  • CVE: CVE-2014-3914
  • CVE: CVE-2014-2614
  • CVE: CVE-2014-2619
  • CVE: CVE-2014-6035
  • CVE: CVE-1999-1462
  • CVE: CVE-2000-0924
  • CVE: CVE-2001-0211
  • CVE: CVE-2011-4431
  • CVE: CVE-2014-5446
  • CVE: CVE-2014-9404
  • CVE: CVE-2014-7863
  • CVE: CVE-2016-0477
  • CVE: CVE-2015-4031
  • CVE: CVE-2015-4032
  • CVE: CVE-2015-4068
  • CVE: CVE-2014-2314
  • CVE: CVE-2004-1856
  • CVE: CVE-2004-1859
  • CVE: CVE-2015-6459
  • CVE: CVE-2016-0476
  • CVE: CVE-2016-0484
  • CVE: CVE-2016-0490
  • CVE: CVE-2016-0481
  • CVE: CVE-2016-0482
  • CVE: CVE-2016-0489
  • CVE: CVE-2016-0480
  • CVE: CVE-2016-0485
  • CVE: CVE-2016-0486
  • CVE: CVE-2016-0855
  • CVE: CVE-2016-0478
  • CVE: CVE-2016-3109
  • CVE: CVE-2016-6896
  • CVE: CVE-2010-4229
  • CVE: CVE-2016-6600
  • CVE: CVE-2016-1605
  • CVE: CVE-2013-1081
  • CVE: CVE-2013-1082
  • CVE: CVE-2016-8207
  • CVE: CVE-2015-3301
  • CVE: CVE-2012-1669
  • CVE: CVE-2016-8525
  • CVE: CVE-2016-8530
  • CVE: CVE-2010-1537
  • CVE: CVE-2010-3480
  • CVE: CVE-2011-4807
  • CVE: CVE-2010-4406
  • CVE: CVE-2010-5323
  • CVE: CVE-2010-3481
  • CVE: CVE-2014-10010
  • CVE: CVE-2010-0799
  • CVE: CVE-2010-1062
  • CVE: CVE-2014-10037
  • CVE: CVE-2010-4281
  • CVE: CVE-2010-4598
  • CVE: CVE-2009-5089
  • CVE: CVE-2009-5088
  • CVE: CVE-2013-3803
  • CVE: CVE-2010-2654
  • CVE: CVE-2010-2655
  • CVE: CVE-2012-5331
  • CVE: CVE-2014-2586
  • CVE: CVE-2009-5093
  • CVE: CVE-2011-0405
  • CVE: CVE-2012-0981
  • CVE: CVE-2012-1671
  • CVE: CVE-2013-3240
  • CVE: CVE-2013-6720
  • CVE: CVE-2011-1099
  • CVE: CVE-2000-0443
  • CVE: CVE-2014-5445
  • CVE: CVE-2016-5803
  • CVE: CVE-2017-12263
  • CVE: CVE-2017-6637
  • CVE: CVE-2014-5302
  • CVE: CVE-2014-2620
  • CVE: CVE-2010-4335
  • CVE: CVE-2013-6771
  • CVE: CVE-2012-0410
  • CVE: CVE-2013-7091
  • CVE: CVE-2019-10267
  • CVE: CVE-2017-6621
  • CVE: CVE-2016-6601
  • CVE: CVE-2017-6527
  • CVE: CVE-2015-2997
  • CVE: CVE-2015-2996
  • CVE: CVE-2018-16283
  • CVE: CVE-2017-7974
  • CVE: CVE-2017-11512
  • CVE: CVE-2016-1525
  • CVE: CVE-2014-2618
  • CVE: CVE-2015-2295
  • CVE: CVE-2014-7866
  • CVE: CVE-2018-7503
  • CVE: CVE-2018-0258
  • CVE: CVE-2018-12613
  • CVE: CVE-2015-1487
  • URL: http://seclists.org/fulldisclosure/2015/Jun/8
  • URL: https://github.com/rapid7/metasploit-framework/pull/6038
  • URL: http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html
  • URL: http://www.novell.com/support/kb/doc.php?id=7005573
  • URL: http://seclists.org/fulldisclosure/2014/Aug/88
  • URL: http://karmainsecurity.com/KIS-2016-07
  • URL: http://www.sugarcrm.com/security/sugarcrm-sa-2016-001
  • URL: http://www.sugarcrm.com/security/sugarcrm-sa-2016-008
  • URL: https://bugs.php.net/bug.php?id=72663
  • URL: http://secunia.com/advisories/50832
  • URL: http://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html
  • URL: https://www.phpmyadmin.net/security/pmasa-2018-4/
  • URL: https://medium.com/@happyholic1203/phpmyadmin-4-8-0-4-8-1-remote-code-execution-257bcc146f8e
  • URL: http://seclists.org/fulldisclosure/2014/Sep/110

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out