8 matches found
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2020-36939 Cassandra Web 0.5.0 - Remote File Read
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
EUVD-2020-30857
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
Cassandra Web File Read Vulnerability
This module exploits an unauthenticated directory traversal vulnerability in Cassandra Web 'Cassandra Web' version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module Module Options msf use...
Cassandra Web 0.5.0 - Remote File Read
Exploit Title: Cassandra Web 0.5.0 - Remote File Read Date: 12-28-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://github.com/avalanche123/cassandra-web Software Link: https://rubygems.org/gems/cassandra-web/versions/0.5.0 Version: 0.5.0 Tested on: Linux !/usr/bin/python -- coding: UTF-...
Cassandra Web 0.5.0 Remote File Read
!/usr/bin/python -- coding: UTF-8 -- cassmoney.py Cassandra Web 0.5.0 Remote File Read Exploit Jeremy Brown jbrown3264/gmail Dec 2020 Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for th...