7 matches found
Mutiny 5 Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
CVE-2013-0136
Mutiny Mutiny Frontend EditDocument servlet contains directory traversal weaknesses disclosed for the Mutiny 5 appliance. The vulnerability allows authenticated users to perform operations (UPLOAD, DELETE, CUT, COPY) via injected parameters (uploadPath, paths[], newPath) to read arbitrary files, ...
Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...
CVE-2013-0136
creationtimestamp| type| source ---|---|--- 2013-05-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25517 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/mutinyfrontendupload.rb 2018-05-29 15:50:33+00:00|...
Mutiny 5 - Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...
Mutiny 5 Arbitrary File Upload
This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with roo...
Mutiny Appliance contains multiple directory traversal vulnerabilities
Overview Mutiny appliance contains multiple directory traversal CWE-22 vulnerabilities. Description The Mutiny appliance commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks. Additional details may be found in the Rapid7 blog post entitled, "New 1day Exploit...