ID CVE-2015-5353Type cveReporter NVDModified 2016-12-07T13:16:36
Description
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
{"id": "CVE-2015-5353", "bulletinFamily": "NVD", "title": "CVE-2015-5353", "description": "Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.", "published": "2015-07-01T12:59:00", "modified": "2016-12-07T13:16:36", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5353", "reporter": "NVD", "references": ["http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt", "http://www.securityfocus.com/bid/75533", "https://www.exploit-db.com/exploits/37439/", "http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html", "http://www.securityfocus.com/archive/1/archive/1/535876/100/0/threaded"], "cvelist": ["CVE-2015-5353"], "type": "cve", "lastseen": "2017-04-18T15:57:31", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:novius-os:novius_os:5.0.1"], "cvelist": ["CVE-2015-5353"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.", "edition": 1, "hash": "55645957262a777918751249660a57f121f4952c00300de483b8fb6fe89ee0e5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "cad87ca24a92970d5943ce049a2c2c65", "key": "references"}, {"hash": "9e14d5984da26263a8d125d0bcbe6112", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "94d122e9a11db6f8e51b822a222e9335", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "6371324ef027f56d5dec08bbb74c9112", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "badd5cf7597158a22629d909169d6b8c", "key": "modified"}, {"hash": "859989e92bbf45774a71ae643cdd9919", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a066a72a4c9119614d634b91168c94d9", "key": "href"}, {"hash": "0081aa2f313dee1835ed899c3ecaba7b", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5353", "id": "CVE-2015-5353", "lastseen": "2016-09-03T22:52:13", "modified": "2015-07-02T13:56:42", "objectVersion": "1.2", "published": "2015-07-01T12:59:00", "references": ["http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt", "http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html", "http://www.securityfocus.com/archive/1/archive/1/535876/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2015-5353", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:52:13"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "6371324ef027f56d5dec08bbb74c9112"}, {"key": "cvelist", "hash": "94d122e9a11db6f8e51b822a222e9335"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "859989e92bbf45774a71ae643cdd9919"}, {"key": "href", "hash": "a066a72a4c9119614d634b91168c94d9"}, {"key": "modified", "hash": "c3163ff191447b668ff0e634845672bb"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "0081aa2f313dee1835ed899c3ecaba7b"}, {"key": "references", "hash": "9a6654e88949973e5d20db452aa28828"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "9e14d5984da26263a8d125d0bcbe6112"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d71cfd947b6b3b6e48a0234e2a009c7dd355d1bac13b811295a497ba194e558c", "viewCount": 2, "objectVersion": "1.2", "cpe": ["cpe:/a:novius-os:novius_os:5.0.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"vulnersScore": 7.5}}
{"result": {"exploitdb": [{"id": "EDB-ID:37439", "type": "exploitdb", "title": "Novius 5.0.1 - Multiple Vulnerabilities", "description": "Novius 5.0.1 - Multiple Vulnerabilities. CVE-2015-5353,CVE-2015-5354. Webapps exploit for php platform", "published": "2015-06-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/37439/", "cvelist": ["CVE-2015-5354", "CVE-2015-5353"], "lastseen": "2016-02-04T05:50:13"}], "packetstorm": [{"id": "PACKETSTORM:132478", "type": "packetstorm", "title": "Novius OS 5.0.1-elche XSS / LFI / Open Redirect", "description": "", "published": "2015-06-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html", "cvelist": ["CVE-2015-5354", "CVE-2015-5353"], "lastseen": "2016-12-05T22:19:15"}]}}
