Next Page >>
directory traversal
Summary
=======
The Management Center for Cisco Security Agents is affected by a
directory traversal vulnerability and a SQL injection vulnerability.
Successful exploitation of the directory traversal vulnerability may
allow an authenticated attacker to view and download arbitrary files
from the server hosting the Management Center. Successful
exploitation of the SQL injection vulnerability may allow an
authenticated attacker to execute SQL statements that can cause
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-018
Application: Apache Geronimo Application Server
Versions Affected: 2.1 - 2.1.3
Vendor URL: http://geronimo.apache.org/
Bug: Directory Traversal File Upload
Exploits: YES
Reported: 10.12.2008
Vendor response: 10.12.2008
Solution: YES
Date of Public Advisory: 16.04.2009
Security Advisory
http://blog.hispasec.com/lab/
Name : 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573)
multiple FTP-based vulnerabilities
Class : Remote directory traversal, Remote DoS
Threat level : HIGH
Discovered : 2007-09-06
Published : 2007-08-24
Credit : Gynvael Coldwind
Vulnerable : 0.92 (build 573), 0.92 (build 565), prior also may be affected
Team Vexillium
Security Advisory
http://vexillium.org/
Name : WinImage 8.10 Multiple Vulnerabilities
Class : Denial of Service and Directory Traversal
Threat level : LOW (DoS), MED (Dir. traversal vuln)
Discovered : 2007-08-31
Published : 2007-09-15
Credit : j00ru//vx
Vulnerable : WinImage 8.10,
ESX 4.0 ESX ESX400-200909401-BG
ESX 3.5 ESX ESX350-200910401-SG
ESX 3.0.3 ESX ESX303-200910401-BG
ESX 2.5.5 ESX Upgrade Patch 15
b. Directory Traversal vulnerability
A directory traversal vulnerability allows for remote retrieval of
any file from the host system. In order to send a malicious request,
the attacker will need to have access to the network on which the
host resides.
service (IRC shutdown) via certain inputs.
CVE-2005-1238 05/02/2005 By design, the built-in FTP server for iSeries
AS/400 systems does not support a restricted document root, which allows
attackers to read or write arbitrary files, including sensitive QSYS
databases, via a full pathname in a GET or PUT request.
CVE-2005-1239 05/02/2005 Directory traversal vulnerability in the third
party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP
server, allows remote attackers to access arbitrary files, including
those from qsys.lib, via ".." sequences in a GET request.
CVE-2005-1240 04/20/2005 Directory traversal vulnerability in the third
party tool from Castlehill, as used to secure the iSeries AS/400 FTP
_____________
Summary:
A) Multiple SQL Injection
B) Directory Traversal
C) Reflected XSS
A) Multiple SQL Injection
_________________________
Title: YaTFTPSvr TFTP Server Directory Traversal Vulnerability
Software : YaTFTPSvr TFTP Server
Software Version : 1.0.1.200
Vendor: http://sites.google.com/site/zhaojieding2/
Vulnerability Published : 2011-07-11
Vulnerability Update Time :
Status :
Impact : Medium
Bug Description :
YaTFTPSvr TFTP Server does not properly sanitise filenames containing directory traversal sequences that are received from an TFTP client.
Hello Bugtraq!
I want to warn you about Cross-Site Scripting, Full path disclosure,
Information Leakage, Directory Traversal, Arbitrary File Deletion and Denial
of Service vulnerabilities in WordPress.
For all these attacks it's needed to have access to admin account, or to
have account with rights for working with plugins. Or to attack admin or
other user with required rights via XSS, to find out token which designed to
protect against CSRF attacks.
DSECRG-11-003 (Internal DSECRG-00145) SAP Crystal Report Server 2008 - Directory Traversal
Directory traversal vulnerability discovered in the module PerformanceManagement application SAP Crystal Report Server 2008, which allows you to read any file on the OS.
Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://sap.com
Bugs: Directory Traversal File Read
Exploits: YES
Reported: 29.03.2010
Vendor response: 30.03.2010
attack will work in WP-DB-Backup <= 2.0.
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=.htaccess
If to place .htaccess in folder with backups, then it can be deleted. Even
with fixed Directory Traversal - in the folder with backups the files can be
deleted in any case. So it's needed to place .htaccess not in the folder
with backups, but in higher level folders, e.g. in folder wp-content.
Taking into account that WordPress Database Backup plugin creates empty
index.php in the folder with backups for protecting from leaking of
I shall complete the information related to Bugtraq ID: 33359
Title: HTC / Windows Mobile OBEX FTP Service Directory Traversal
Author: Alberto Moreno Tablado
Vendor: HTC
Vulnerable Products:
- HTC devices running Windows Mobile 6
- HTC devices running Windows Mobile 6.1
Non vulnerable products:
- HTC devices running Windows Mobile 5.0
Advisory: nostromo nhttpd directory traversal leading to arbitrary
command execution
During a penetration test, RedTeam Pentesting discovered a directory
traversal vulnerability leading to arbitrary command execution in the
nostromo HTTP server.
Details
=======
the official announcement of these holes, I additionally informed them.
19.02.2010 - disclosed at my site.
-----------------------------
Details:
These are SQL Injection and Directory Traversal vulnerabilities.
SQL Injection:
http://site/files.php?refdll=-1+union+select+version()%23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Directory Traversal is not only a web-server vulnerability, neza0x. Webapps can be vulnerable as
well. Or 3rd party [nginx|apache|etc] modules, for that matter.
On 11/03/2010 05:49 PM, neza0x@gmail.com wrote:
> Directory Traversal still alive? I mean, does your tool bypass Apache, IIS latest versions? Or it is applicable to IIS 4?
>
> It would be nice to have new techniques, improve multi-byte encoders and so on.
Software : Deepin TFTP Server Directory Traversal Vulnerability
Software Version : v1.25
Vendor: Deepin.org
Vulnerability Published : 2010-08-14
Vulnerability Update Time :
Status :
Impact : Medium
Bug Description :
Deepin TFTP Server does not properly sanitise filenames containing directory traversal sequences that are received from an FTP client.
Proof Of Concept :
______________________________________________________________________
-------------------------- NSOADV-2011-003 ---------------------------
Majordomo2 'help' Command Directory Traversal (Patch Bypass)
______________________________________________________________________
______________________________________________________________________
111101111
11111 00110 00110001111
111111 01 01 1 11111011111111
[+] Application: phpCommunity 2
[+] Version: 2.1.8
[+] Website: http://sourceforge.net/projects/phpcommunity2/
[+] Bugs: [A] Multiple SQL Injection
[B] Directory Traversal
[C] Reflected XSS
[+] Exploitation: Remote
[+] Date: 07 Mar 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Directory Traversal Vulnerability in Cisco
Network Admission Control Manager
Advisory ID: cisco-sa-20111005-nac
Revision 1.0
Summary
=======
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of
service (DoS) vulnerability and a directory traversal vulnerability. These
vulnerabilities are independent of each other.
Exploitation of these vulnerabilities could result in a DoS condition or an
information disclosure.
[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues
Details
=======
Product: moziloWiki
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.mozilo.de/
Vendor-Status: informed
Advisory-Status: published
properly quote regular expressions, which allows remote authenticated
users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and
consequently execute arbitrary PHP code, by leveraging the ability
to modify the SESSION superglobal array (CVE-2011-2507).
Directory traversal vulnerability in libraries/display_tbl.lib.php
in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when
a certain MIME transformation feature is enabled, allows remote
authenticated users to include and execute arbitrary local files
via a .. (dot dot) in a GLOBALS[mime_map][->name][transformation]
parameter (CVE-2011-2508).
http://site/wp-admin/page-new.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22
Original article (in Russian): http://securityvulns.ru/Sdocument714.html
Additional details (in Ukrainian): http://websecurity.com.ua/1658/
2.3 Directory traversal, Arbitrary file deletion, Denial of Service
and Cross-Site Scripting via wp-db-backup.php
Directory Traversal (WordPress <= 2.0.3):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\.htaccess
Vendor: Cisco Systems
Product: CUCM Environment
Cisco Unified Communications Manager (CallManager)
Cisco IP Phone CP-7975G
Vulnerability: Directory Traversal
Reversible Obfuscation Algorithm
SCCP service security issues
CTFTP Information Leaks
Voice VLAN Separation Activated Late
Affected Releases: 7.0, 8.0(2)
HISPASEC
Security Advisory
http://blog.hispasec.com/lab/
Name : 2K7SEPT6 Total Commander 7.01 Remote FTP Client
Directory Traversal
Class : Remote Directory Traversal
Threat level : HIGH
Discovered : 2007-08-25
Published : 2007-09-06
Credit : Gynvael Coldwind
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Unified Communications Manager Directory Traversal Vulnerability
Advisory ID: cisco-sa-20111026-cucm
Revision 1.0
For Public Release 2011 October 26 16:00 UTC (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Unified Contact Center Express Directory Traversal Vulnerability
Advisory ID: cisco-sa-20111026-uccx
Revision 1.0
For Public Release 2011 October 26 16:00 UTC (GMT)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04
PR10-04 Directory traversal limited to file validation within Viva
thumbs WordPress add-on
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Thursday, 4 February 2010
Vendor informed: Monday, 8 February 2010
Severity level: Low/Medium
17.06.2010 - disclosed at my site.
-----------------------------
Details:
These are Information Leakage, Cross-Site Request Forgery, Cross-Site
Scripting, Directory Traversal and Full path disclosure vulnerabilities.
Information Leakage:
http://site/path_to_firebook_admin/?URLproxy=http://firebook.ru/env/index.html;
put this code instead URL
javascript: alert (document.cookie = "adminpass =" + escape ( "admin"));
=======================
Directory Traversal
=======================
http://site.com/admin/ewebeditor/admin/upload.asp?id=16&d_viewmode=&dir=./..
=======================
Next Page>>
|
