CVE-2014-1974

Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN22670349/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037
https://play.google.com/store/apps/details?id=lysesoft.andexplorer
https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro
http://jvn.jp/en/jp/JVN22670349/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037
https://play.google.com/store/apps/details?id=lysesoft.andexplorer
https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lyesoft:andexplorer:1.0:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.0::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.1:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.1::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.2:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.2::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.3:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.3::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.4:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.4::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.5:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.5::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.6:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.6::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.7:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.7::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.8:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.8::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:1.9:::::android::
	cpe:2.3:a:lyesoft:andexplorer:1.9::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:2.0::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:2.1:::::android::
	cpe:2.3:a:lyesoft:andexplorer:2.1::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:2.2:::::android::
	cpe:2.3:a:lyesoft:andexplorer:2.2::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:2.3:::::android::
	cpe:2.3:a:lyesoft:andexplorer:2.3::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:2.4:::::android::
	cpe:2.3:a:lyesoft:andexplorer:2.4::::professional:android::*
	cpe:2.3:a:lyesoft:andexplorer:2.5:::::android::
	cpe:2.3:a:lyesoft:andexplorer:3.0:::::android::
	cpe:2.3:a:lyesoft:andexplorer:3.0::::professional:android::*

History

21 Nov 2024, 02:05

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN22670349/index.html -~~	() http://jvn.jp/en/jp/JVN22670349/index.html -
References	~~() http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037 -~~	() http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037 -
References	~~() https://play.google.com/store/apps/details?id=lysesoft.andexplorer -~~	() https://play.google.com/store/apps/details?id=lysesoft.andexplorer -
References	~~() https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro -~~	() https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro -

Information

Published : 2014-04-19 19:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-1974

Mitre link : CVE-2014-1974

CVE.ORG link : CVE-2014-1974

JSON object : View

Products Affected

lyesoft

andexplorer

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-1974", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-19T19:55:07.640", "references": [{"url": "http://jvn.jp/en/jp/JVN22670349/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037", "source": "vultures@jpcert.or.jp"}, {"url": "https://play.google.com/store/apps/details?id=lysesoft.andexplorer", "source": "vultures@jpcert.or.jp"}, {"url": "https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN22670349/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://play.google.com/store/apps/details?id=lysesoft.andexplorer", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en la aplicaci\u00f3n AndExplorer anterior a la versi\u00f3n 20140403 y la aplicaci\u00f3n AndExplorerPro anterior a versi\u00f3n 20140405 de LYSESOFT para Android, permite a los atacantes sobrescribir o crear archivos arbitrarios por medio de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "75982C3E-ADE3-4F4D-A82C-B02724C5C90C"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.0:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "BA42C36F-C265-4AF9-96D3-90CADA51E75E"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "57516594-9FC6-4E7B-AE7E-CEE4521D7C85"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.1:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "2D1240B5-5730-4B51-B0F5-40AE8EDEEC13"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "758C7D60-94C3-4F67-82B6-B802A34C332A"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.2:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "3755FE3E-8732-4369-86B2-C7F75FC0AA9B"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.3:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "7E392B84-C406-4238-8AA1-9B98DCE20D91"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.3:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "75261EDC-3949-4E11-8BAB-973F143E67BC"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.4:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "52D541B0-6E38-4B34-9F09-9DABD9D994C0"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.4:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "AB78FB20-B418-479A-A1E4-01F41C46C78C"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.5:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "4BF6D448-BDB7-4EED-AD84-487D9FFC80C7"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.5:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "84A34BB3-B4C8-47AE-80B5-51ABD898A13F"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.6:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "734E9A7A-DED1-4E4A-B715-63B788BC9D1C"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.6:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "3D95EF0E-78C8-41F9-B827-75B788E82AD9"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.7:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "D739AB41-DE1B-45B4-87DF-43401527F9E3"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.7:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "82F802D3-3920-4F70-BB45-1493A7C53247"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.8:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "F959DE16-CB44-4D23-A2AA-3A52563754A0"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.8:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "CFCE534A-D922-4D9B-B094-06C02CF95D7B"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.9:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "BF45227B-5999-47B5-B936-2D400A303EAF"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:1.9:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "C72FE3B3-B602-42C0-B72B-AF9CCCE7EF0A"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.0:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "3D1E0E3D-6549-4E23-9C9F-C0899D45A214"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.1:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "D00F8121-5597-40DD-A0E1-4814D0622811"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.1:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "96044862-98AE-4AE8-8A5A-23B8119BDDEE"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.2:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "21F8CA16-A063-49A8-B3D6-2A9B7DF0A480"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.2:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "8AE43B25-C79B-43BC-9EF1-44D16619D8AE"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.3:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "0AB8986C-67DF-4E4E-AD71-EE3BFDAA6D47"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.3:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "9A3421A2-63E3-4F5D-84A9-9118331B32F2"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.4:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "6F6AA649-A25E-42F4-8913-E5FA8FE88E6F"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.4:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "678D5A49-92E6-4DF5-8C0A-8778D1FEEE2F"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:2.5:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "6F41F2C4-0E0E-4E26-85F0-10DD447BF2D5"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:3.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A1EC1EBD-E357-4577-9DF4-CE8483B1A09C"}, {"criteria": "cpe:2.3:a:lyesoft:andexplorer:3.0:*:*:*:professional:android:*:*", "vulnerable": true, "matchCriteriaId": "0656C4E2-DF4A-4E9D-8940-9708DBECEEB5"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}

6.4 /10