6 matches found
EUVD-2025-209203
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
EUVD-2025-209206
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59709
The CVE-2025-59709 entry concerns BizTalk360 (up to version 11.5). The vulnerability stems from mishandling user-supplied input in a path read by the server, enabling a directory traversal condition. Affected component is the server-side path handling, allowing a Super User attacker to read arbit...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
DFSCoerce - PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method
PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method and probably more but am lazy and its just PoC :P . Documentation: https://docs.microsoft.com/en-us/openspecs/windowsprotocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979 Inspired by: PetitPotam @topotam77...