CVE-2011-0966

CiscoWorks Common Services < 3.3 - Unauthenticated Path Traversal via Audit Log File Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0966. PoCs published by Sense of Security.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Cisco Unified Operations Manager, including blind SQL injection, reflected XSS, and directory traversal. It provides specific exploit paths and technical details for each CVE.

Description

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Sense of Security · textremotewindows

https://www.exploit-db.com/exploits/17304

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Cisco Unified Operations Manager, including blind SQL injection, reflected XSS, and directory traversal. It provides specific exploit paths and technical details for each CVE.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Cisco Unified Operations Manager 8.0 and 8.5

Auth required

Prerequisites: Authenticated access to the target system

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Sense of Security · textwebappsjava

https://www.exploit-db.com/exploits/35781

View Code ZIP pw:eip

This is a writeup describing a directory traversal vulnerability in CiscoWorks Common Services. It provides example URLs to exploit the vulnerability and access sensitive files, but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: CiscoWorks Common Services 3.3 and prior

No auth needed

Prerequisites: Network access to the vulnerable CiscoWorks Common Services instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, URL Repurposed x_refsource_misc

http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/17304

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/67525

Various Sources x_refsource_confirm

http://tools.cisco.com/security/center/viewAlert.x?alertId=23089

Scores

EPSS 0.4135

EPSS Percentile 98.5%

Details

CWE

CWE-22

Status published

Products (11)

cisco/ciscoworks_common_services 1.0

cisco/ciscoworks_common_services 2.2

cisco/ciscoworks_common_services 3.0

cisco/ciscoworks_common_services 3.0.3

cisco/ciscoworks_common_services 3.0.4

cisco/ciscoworks_common_services 3.0.5

cisco/ciscoworks_common_services 3.0.6

cisco/ciscoworks_common_services 3.1

cisco/ciscoworks_common_services 3.1.1

cisco/ciscoworks_common_services 3.2

... and 1 more

Published May 20, 2011

Tracked Since Feb 18, 2026