285 items tagged "directory traversal"
-
-
16:56
»
Packet Storm Security Exploits
MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
-
-
5:00
»
Carnal0wnage
Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta. The slides were published here and the video from hashdays is here, no video for BSides ATL.
I consistently violate presentation zen and I try to make my slides usable after the talk but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post [2] ColdFusion
Whhhhaaaat? ColdFusion?
- Originally released in 1995 by Allaire
- Motivation: make it easier to connect simple HTML pages to a database
- Along the way became full Java
- Latest version is ColdFusion 9 released in 2009
- Most recent features focus on integration with other technologies, e.g. Flash, Flex, AIR, Exchange, MS Office, etc.
- Frequent to see CF 7 - 9 on the web
- Open Source CFML available as well
- BlueDragon, Railo, Mura CMS
Background Reading:
http://carnal0wnage.attackresearch.com/2011/12/not-0wning-that-coldfusion-server-but.html
http://averagesecurityguy.info/2011/12/09/owning-a-coldfusion-server/
https://media.blackhat.com/bh-us-10/presentations/Eng_Creighton/BlackHat-USA-2010-Eng-Creighton-Deconstructing-ColdFusion-slides.pdf
https://media.blackhat.com/bh-us-10/whitepapers/Eng_Creighton/BlackHat-USA-2010-Eng-Creighton-Deconstructing-ColdFusion-wp.pdf
http://www.orkspace.net/secdocs/Conferences/EuSecWest/2006/ColdFusion%20Security.pdf
LOW?


Two nice bugs exist that I don't think vuln scanners commonly check for:
Locale traversal CVE: 2010-2861
coldfusion_locale_traversal.rb
great overview/walkthru here:
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
Vulnerable Versions:
ColdFusion MX6 6.1 base patches
ColdFusion MX7 7,0,0,91690 base patches
ColdFusion MX8 8,0,1,195765 base patches
ColdFusion MX8 8,0,1,195765 with Hotfix4
ColdFusion 9? Immunity reported yes, but Adobe fixed downloadable version of 9. so maaaaaaybe if old version of 9.
*no patches exist for 6 & 7 so if you see CF6 or CF7 it's always vuln to the bug*
Adobe XML External Entity Injection: CVE-2009-3960
adobe_xml_inject.rb
advisory info here:
http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf
There's lots more to the ColdFusion story, enough that I recently gave a talk on it.
-
-
5:12
»
Packet Storm Security Exploits
Flatnux CMS 2011 version 08.09.2 suffers from cross site request forgery, cross site scripting, and directory traversal vulnerabilities.
-
-
21:42
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Small Business (SRP 500) Series Services Ready Platforms contains command injection, unauthenticated configuration upload, and directory traversal vulnerabilities.
-
-
11:01
»
Carnal0wnage
In cktricky's last post he provided a great outline on the ins and outs of leveraging burp's built in support for directory traversal testing. There are two questions, however, that should immediately come to mind once you are familiar with this tool: How do I find directory traversal & what should I look for if I do?
Finding directory traversal is the hunt for dynamic file retrieval or modification. The antonym, static file retrieval, is when the browser is delegated the request for a file on the server. In other words, every <a href>, css call for a file/location, and even most JavaScript calls can be considered static. You could copy the path of those requests into the browser address bar and grab the file yourself-- because that is pretty much what the browser is doing for you. Dynamic file retrieval, however, is when you request a server based page/function which serves you a file. Think of it as the difference between calling someone directly on the phone vs. calling an operator who calls that person and patches you in.
Dynamic file serving takes place for a variety of reasons, such as: user content download locations, dynamic image rendering/resizing features, template engines, language parameters*, AJAX to services type calls, sometimes in cookies, and occasionally are how pages themselves get served. These all basically look something like:
somefunction.php?img=/some/place/graphic.jpg
or
somefunction.php?page=/view/something
The path to the file can either be relative (../../../etc) or in some more rare cases absolute (c:/windows/boot.ini). Additionally, these requests might be base64 or ROT13 encoded or sometimes encrypted. Neither is a stop get.
You might think language parameters are an odd location for directory traversal, but after talking with my co-workers*, they reminded me about dynamic file modification. Some frameworks use parameters (such as language) to prefix a directory to the request or alter the file name for the appropriate language. Ergo:
cookie: language=en-us;
could turn into:
File.Open('/' + language + '/' + some-file);
File.Open('/' + language + '.' + some-file);
If that is true, you can alter the root of a request, then use terminators to kill off the rest of what gets appended (null chars ftw) such as:
cookie: language=../../../../../etc/passwd
cookie: language=../../../../../etc/passwd;
Language, template/skin name, or occasionally environment type variables (such as location=PROD, DEBUG, etc...). Anything that might be prefixed to a file name or directory to search is fair-game for that.
Now what?
Once you've identified a location which appears to be ripe for the testing-- how do you verify and what would you do? To verify, I have found two approaches that work well: default files & known files.
The first approach is based on looking for default files on the file system. Since you are mostly blind to what exists on a server, you look for the existence of these defaults to see if they can be retrieved. There are two resources which I've found helpful. The first is Mubix's list of post-exploitation commands. In addition to a helpful list of commands for post exploit, the list includes very common files you might want to look for and steal (by operating system). The second resource is the Apache Default layout per OS. This can be really useful if you are attacking a system using Apache, to grab known configurations. For non-Apache web servers, I usually install them locally and see what the default layout looks like manually.
The second approach comes into play if the first fails (and it might) because the user-context of the site doesn't have the authority to access those files. So you have to request files you can be reasonably sure it has access to-- the webpages it already serves. In this approach you attempt to serve other parts of the webpage, relative to the location you are currently looking at. As a contrived example, say you see a layout something like:
/mainpage.asp
/vulnerableFeature.asp?path=/images/some-image.jpg
you'd test for:
/vulnerableFeature.asp?path=../mainpage.asp
/vulnerableFeature.asp?path=/mainpage.asp
Since you know that the user-context of the site has the authority to serve those pages, it -should- be a fairly practical way to verify if your directory traversal is working. You may even get back source code this way. :-)
If you are attempting to take over the server, you should be looking to steal resources which would help you with that (such as the passwd & sam files). If you are attempting to do an involuntary code review, you should steal the source code from the pages you are looking at. There are occasionally hard coded credentials in source, but application configuration files are often gold for credentials. I've found database, admin users, SMTP credentials and FTP users this way.
Some final things to consider:
- Most operating systems support the use of environment variables/shortcuts for locations such as %home% or ~. This is useful to remember if there are protections against using a period or two successive periods.
- When dynamic features serve files, they often violate other protections. In IIS for instance various extensions cannot be served by the server (.config files for instance). However in most directory traversals you can pull the web.config file out w/o many problems.
- User controlled uploads often get served dynamically because there isn't a way for the server to know before-hand what the files are. You can sometimes find directory traversal here by uploading files with weird paths in their names (or renaming them after upload).
- Developers sometimes leave clues to files' physical locations in comments. I once downloaded a source for an entire site because of this.
- Image / gallery plugins for CMS's are notorious for directory traversal.
- Error messages are your friend here. If you get a system/application error instead of a file not found type error, you can at least use the mechanism to check for existence of files.
Happy Hunting.
-kuzushi
* Thanks DC & AJ
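As an added defensive illustration (not part of kuzushi's post or any project's code), the sketch below contrasts the language-prefix pattern described above with a resolver that allow-lists the prefix and checks that the canonical path stays under the content root. The function names, the `content` directory layout and the sample files are assumptions constructed for the example.

```python
import os
import tempfile


class UnsafePath(ValueError):
    """Raised when a request-supplied value would leave the content root."""


def naive_localized_path(base_dir, language, filename):
    # The pattern from the post: a cookie/parameter value is joined into
    # the path with no validation at all.
    return os.path.normpath(os.path.join(base_dir, language, filename))


def is_inside(root, path):
    # True when the canonical form of `path` is `root` or lies below it.
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def safe_localized_path(base_dir, language, filename, allowed_languages):
    # 1. The prefix is chosen from a fixed set, never copied from the request.
    #    This also covers absolute paths, "~" and environment-style values.
    if language not in allowed_languages:
        raise UnsafePath("language not in allow-list: %r" % (language,))
    # 2. The file name must be a single path component without NUL bytes.
    if ("\x00" in filename or "\\" in filename
            or filename in ("", ".", "..")
            or os.path.basename(filename) != filename):
        raise UnsafePath("illegal file name: %r" % (filename,))
    # 3. Canonicalise (resolving symlinks) and confirm containment.
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, language, filename))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath("resolved path leaves content root")
    return candidate


def rejected(base_dir, language, filename, allowed):
    try:
        safe_localized_path(base_dir, language, filename, allowed)
    except UnsafePath:
        return True
    return False


def demo():
    # Constructed sample tree: <tmp>/content/en-us/help.html is servable,
    # <tmp>/secret.txt is not, and link.html is a symlink pointing at it.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "content")
        os.makedirs(os.path.join(root, "en-us"))
        with open(os.path.join(root, "en-us", "help.html"), "w") as fh:
            fh.write("help")
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("not for serving")
        os.symlink(secret, os.path.join(root, "en-us", "link.html"))
        allowed = {"en-us", "de-de"}
        expected = os.path.realpath(os.path.join(root, "en-us", "help.html"))
        return {
            "naive_relative_escapes": not is_inside(
                root, naive_localized_path(root, "..", "secret.txt")),
            "naive_absolute_escapes": not is_inside(
                root, naive_localized_path(root, "/etc", "passwd")),
            "safe_serves_legit": safe_localized_path(
                root, "en-us", "help.html", allowed) == expected,
            "blocks_relative_prefix": rejected(
                root, "../../../../../etc", "passwd", allowed),
            "blocks_absolute_prefix": rejected(root, "/etc", "passwd", allowed),
            "blocks_home_shortcut": rejected(root, "~", "help.html", allowed),
            "blocks_dotdot_filename": rejected(
                root, "en-us", "../../secret.txt", allowed),
            "blocks_nul_filename": rejected(
                root, "en-us", "help.html\x00.jpg", allowed),
            "blocks_symlink_escape": rejected(
                root, "en-us", "link.html", allowed),
        }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(check, outcome)
```

If the parameter arrives base64 or otherwise encoded, decode it first and run the same checks on the decoded value.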
-
-
14:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exist within BB FlashBack Recorder.dll. The Filename property is vulnerable to directory traversal via the Start() method. PauseAndSave() is also vulnerable to directory traversal via its nextfilename parameter. InsertMarker() and InsertSoundToFBRAtMarker() have parameters that are vulnerable to script injection and can be combined with the previously mentioned vulnerabilities to achieve remote arbitrary code execution.
-
-
10:33
»
Carnal0wnage
Often, I'll use Burp Suite's directory traversal Intruder payload list. A step exists that must be performed in order to effectively leverage the traversal payload. We'll briefly cover this.
[Image: Intruder with the insertion point (fuzzing the file parameter)]
Burp's fuzzing-path traversal payload, available under the preset list payload set, has a placeholder that represents the filename you'd like to fuzz for. This placeholder, "{FILE}", must be substituted with an actual filename (ex: /etc/passwd).
[Image: Payload processing rule added, match replace, regular expression form \{FILE\}]
As you can see, the additional step was adding a payload processing rule. We chose match/replace, escaped characters that represent regular expressions (curly braces {}) by placing a backslash in front of them and replaced them with etc/passwd.
Lastly, don't forget to select/deselect the URL-encoding of characters based on your needs.
HTH,
cktricky
-
-
18:07
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
-
-
11:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There are multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
-
11:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There are multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.
-
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-342 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Asset Management. Authentication is not required to exploit this vulnerability. The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location and a null byte inserted into the filename to provide arbitrary extension. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
-
17:14
»
Packet Storm Security Advisories
Ubuntu Security Notice 1276-1 - Tim Brown discovered that Ark did not properly perform input validation when previewing archive files. If a user were tricked into opening a crafted archive file, an attacker could remove files via directory traversal.
-
-
7:25
»
Packet Storm Security Exploits
Cisco CUCM environment and the IP Phone CP-7975G suffer from a directory traversal, have a reversible obfuscation algorithm, security issues related to SCCP, CTFTP, and Voice VLAN separation. Versions 7.0 and 8.0(2) are affected.
-
-
7:46
»
Packet Storm Security Advisories
The default deployment of Cisco Unified Contact Center Express (UCCX) system is configured with multiple listening services. The web service that is listening on TCP port 9080, or on TCP port 8080 in versions prior to 8.0(x), serves a directory which is configured in a way that allows for a remote unauthenticated attacker to retrieve arbitrary files from the UCCX root filesystem through a directory traversal attack. It is possible for an attacker to use this vector to gain console access to the vulnerable node as the 'ccxcluster' user, and subsequently escalate privileges.
-
-
19:09
»
Packet Storm Security Exploits
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
-
7:40
»
Packet Storm Security Exploits
PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.
-
10:22
»
Packet Storm Security Advisories
Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a ../ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.
-
10:22
»
Packet Storm Security Advisories
Multiple Cybele Software, Inc. products are vulnerable to arbitrary file retrieval and directory traversal vulnerabilities including ThinVNC, ThinRDP, and ThinVNC Access Point 2.0. An unauthenticated remote attacker can submit requests for files that are located outside the root of the web server that is distributed with these Cybele Software, Inc. products.
-
-
12:09
»
Packet Storm Security Exploits
iManager plugin version 1.2.8 suffers from a local file inclusion / file disclosure vulnerability when input passed through the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL-encoded NULL bytes.
-
-
11:22
»
Packet Storm Security Exploits
iBrowser plugin version 1.4.1 suffers from a local file inclusion / file disclosure vulnerability when input passed through the 'lang' parameter to ibrowser.php, loadmsg.php, rfiles.php and symbols.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL-encoded NULL bytes.
-
-
22:33
»
Packet Storm Security Exploits
Measuresoft ScadaPro versions 4.0.0 and below suffer from directory traversal, denial of service, and stack overflow vulnerabilities.
-
10:22
»
Packet Storm Security Advisories
The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.
-
-
15:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
-
-
8:34
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-124 - Multiple vulnerabilities have been discovered and corrected in phpMyAdmin. These issues range from variable manipulation to directory traversal issues. The updated packages have been upgraded to the 3.4.3.2 version, which is not vulnerable to these issues.
-
-
19:41
»
Packet Storm Security Advisories
Ubuntu Security Notice 1181-1 - It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal.
-
-
8:04
»
Packet Storm Security Exploits
Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.
-
20:03
»
Packet Storm Security Tools
This is a directory traversal scanner written in C# that audits HTTP servers and web applications. Complete source included.
-
-
7:17
»
Packet Storm Security Exploits
Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.
-
-
16:33
»
Packet Storm Security Exploits
Dreambox versions DM500, DM500+, DM500HD, and DM500S suffer from a file download vulnerability: a directory traversal is possible by appending the '/' character in an HTTP GET request to the affected host address. An attacker can obtain sensitive information such as paid channel keys, usernames, passwords, and configuration and plug-in information.
-
-
16:44
»
Packet Storm Security Advisories
VMware Security Advisory 2011-0008 - VMware vCenter Server directory traversal and information disclosure vulnerabilities. vSphere Client Installer is delivered through an unsigned package.
-
-
14:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-152 - This vulnerability allows remote attackers to perform directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient sanitization on user-supplied data when handling certain messages. Remote, unauthenticated attackers can exploit this vulnerability by sending crafted filename strings to the target, which would allow attackers to view or download arbitrary files on the target system.
-
-
20:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1114-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.
-
-
9:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize user-controlled input, it is possible for a remote unauthenticated attacker to upload and subsequently execute arbitrary code under the context of the CA Total Defense Heartbeat Web service. Requests delivered to FileUploadHandler.ashx are subject to arbitrary file writes, including directory traversal attacks, in the GUID parameter. The Heartbeat Web service listens for HTTP requests on port 8008 and for HTTPS requests on port 44344.
-
14:11
»
Packet Storm Security Exploits
This Metasploit module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties file, a user can log in using the encrypted password itself. This should work on version 8 and below.
-
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - TIOD v1.3.3 for iPhone / iPod touch Directory Traversal
-
-
8:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - Home FTP SERVER 1.12 Directory Traversal
-
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iPhone MyDocs 2.7 Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iPhone iFile 2.0 Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iPhone Folders 2.5 Directory Traversal
-
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - Share v1.0 for iPhone / iPod touch, Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - myDBLite v1.1.10 for iPhone / iPod touch, Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iDocManager v1.0.0 for iPhone / iPod touch, Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - Filer Lite v2.1.0 for iPhone / iPod touch, Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - Air Files v2.6 for iPhone / iPod touch, Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iPhone PDF Reader Pro 2.3 Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iPhone Guitar Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - iPhone ishred 1.93 Directory Traversal
-
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - SideBooks v1.0 for iPhone / iPod touch, Directory Traversal
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - FtpDisc v1.0 for iPhone / iPod touch, Directory Traversal
-
-
14:00
»
1337day (was: Inj3ct0r, 1337db)
[remote exploits] - Majordomo2 - Directory Traversal (SMTP/HTTP)
-
12:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 1056-1 - Multiple vulnerabilities have been addressed in OpenOffice. Charlie Miller discovered several heap overflows in PPT processing. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. It was discovered that OpenOffice.org did not correctly process TGA images.
-
-
9:22
»
Packet Storm Security Exploits
BlogEngine.NET version 1.6.x suffers from path disclosure, unauthorized access, directory traversal, and file upload vulnerabilities.
-
-
10:52
»
SecuriTeam
ProFTPd is a major open source FTP server, used for example by ftp.apple.com, ftp.openssl.org and ftp.rsa.com. When ProFTPd is compiled with mod_site_misc and a directory is writable, an attacker can use mod_site_misc to do any of the following outside the writable directory: create a directory, delete a directory, create a symlink, or change the time of a file.
-
-
11:57
»
SecuriTeam
A directory traversal and file retrieval vulnerability was discovered in TANDBERG's Video Communication Server.
-
-
23:03
»
Packet Storm Security Recent Files
The Joomla ArtForms component version 2.1b7.2 RC2 suffers from cross site scripting, remote SQL injection and directory traversal vulnerabilities.
-
-
22:02
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 2065-1 - Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack.
-
-
1:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-112 - This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PortalModuleInstallManager component of the Novell Management Console, which exists within the servlet located within nps.jar. Due to a failure to sanitize '../' directory traversal modifiers from a parameter, an attacker can specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.
-
-
21:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the name attribute of the file element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.
-
-
11:02
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The name attribute of the file element of metalink files is not properly sanitised before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Free Download Manager version 3.0 build 850 is affected.
-
11:02
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the name attribute of the file element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.
-
11:01
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to KGet not properly sanitising the name attribute of the file element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. KDE version 4.4.2 is affected.