4 matches found
CVE-2016-6600
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/webnmsfileupload.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:49+00:00| seen|...
CVE-2016-6600
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. dot dot in the fileName parameter to servlets/FileUploadServlet...
WebNMS Framework 5.2SP1 File Upload
WebNMS 是一个业界领先的用于构建网络管理应用的架构。上传功能存在目录遍历及远程代码执行漏洞。 漏洞细节 FileUploadServlet允许未登录上传JSP文件。提交如下 POST 请求: POST /servlets/FileUploadServlet?fileName=../jsp/Login.jsp HTTP/1.1 下载官方Windows试用版软件测试通过: http://www.webnms.com/webnms/14107380/WebNMSFramework5STDWindows.exe 其它信息 漏洞发现者:Pedro Ribeiro...
WebNMS Framework Server Arbitrary File Upload (CVE-2016-6600)
An Arbitrary File Upload vulnerability exists in WebNMS Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...