Lucene search
K

26 matches found

Huntr
Huntr
added 2022/07/04 5:32 p.m.11 views

Improper handling of parameter lead to listing any directory

Description In file-manager/list API, the server does not handling path parameters properly lead to allow listing any directory. To exploit, use double URL encoding to bypass filter. Proof of Concept GET /demo/api/file-manager/list?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/18 4:56 a.m.12 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Possible to perform reflected XSS by using double URL encoding when retrieving files Proof of Concept Trigger XSS via...

0.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/10/07 12:0 a.m.393 views

CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8CVSS9.4AI score0.99992EPSS
In wildExploits175References34
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

CGIScript.net csNews 1.0 Double URL Encoding Unauthorized Administrative Access

No description provided by source. source: http://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with public access to the system may be able to view an...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2002/06/11 12:0 a.m.14 views

CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access

CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access source: https://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with...

1.9AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/11 12:0 a.m.34 views

CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access

source: https://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with "public" access to the system may be able to view and modify some administration...

7.4AI score
Exploits0
Rows per page
Query Builder