Lucene search
K

keware technologies homeseer 1.4 - Directory Traversal

🗓️ 07 Dec 2000 00:00:00Reported by SNS ResearchType 
exploitpack
 exploitpack
👁 33 Views

Keware Technologies HomeSeer vulnerable to directory traversal, allowing remote file access.

Code
source: https://www.securityfocus.com/bid/2085/info

Keware Technologies HomeSeer is a home automation application which enables users to control various housewares and appliances locally or remotely via a web interface.

It is possible for a remote user to gain access to any known file outside of the HomeSeer directory on the root directory. A specially crafted HTTP request comprised of '../' and the known filename, will display the contents of the particular file with read permissions.

Successful exploitation of this vulnerability could enable a remote user to gain access to systems files, password files, etc. This could lead to a complete compromise of the host. 

http://target/../../../filename.ext

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation