Vulnerability CVE-2014-2575

Vulnerability CVE-2014-2575

Published: 2014-06-06

Description:

	Topic	Author	Date
Med.	DevExpress ASP.NET File Manager 13.2.8 Directory Traversal	RedTeam	06.06.2014

Type:

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Affected software
Devexpress -> Aspxfilemanager control for webforms and mvc

http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html

http://seclists.org/fulldisclosure/2014/Jun/24

http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2

http://www.exploit-db.com/exploits/33700

http://www.securityfocus.com/archive/1/532304/100/0/threaded

http://www.securityfocus.com/bid/67902

https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager