cpe:/a:juan_ramon:osclass:1.1 cpe:/a:juan_ramon:osclass:1.1:rc cpe:/a:juan_ramon:osclass:1.2:alpha cpe:/a:juan_ramon:osclass:1.2:beta cpe:/a:juan_ramon:osclass:1.2:delta cpe:/a:juan_ramon:osclass:2.0 cpe:/a:juan_ramon:osclass:2.0:rc cpe:/a:juan_ramon:osclass:2.0.1 cpe:/a:juan_ramon:osclass:2.0.2 cpe:/a:juan_ramon:osclass:2.0.3 cpe:/a:juan_ramon:osclass:2.1 cpe:/a:juan_ramon:osclass:2.1.1 cpe:/a:juan_ramon:osclass:2.2 cpe:/a:juan_ramon:osclass:2.2.1 cpe:/a:juan_ramon:osclass:2.2.2 cpe:/a:juan_ramon:osclass:2.2.3 cpe:/a:juan_ramon:osclass:2.3 cpe:/a:juan_ramon:osclass:2.3.1 cpe:/a:juan_ramon:osclass:2.3.2 cpe:/a:juan_ramon:osclass:2.3.3 cpe:/a:juan_ramon:osclass:2.3.4 cpe:/a:juan_ramon:osclass:2.3.5 CVE-2012-1617 2012-09-25T20:55:01.097-04:00 2017-08-28T21:31:19.757-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2012-09-26T13:56:00.000-04:00 BUGTRAQ 20120307 OSClass directory traversal (leads to arbitrary file upload) SECUNIA 48284 BID 52336 MLIST [oss-security] 20120402 CVE request: OSClass directory traversal vulnerability MLIST [oss-security] 20120402 Re: CVE request: OSClass directory traversal vulnerability MLIST [oss-security] 20120403 Re: CVE request: OSClass directory traversal vulnerability MLIST [oss-security] 20120404 Re: CVE request: OSClass directory traversal vulnerability CONFIRM http://osclass.org/2012/03/05/osclass-2-3-6/ MISC http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability CONFIRM https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b CONFIRM https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a CONFIRM https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1 XF osclass-directory-traversal(73754) XF osclass-file-upload(73755) Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.