10 matches found
📄 Mutiny 5.0-1.07 Directory Traversal
Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. ============================================================================================================================================= | Title : Mutiny 5.0-1.07...
CVE-2013-0136
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
Directory traversal
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
CVE-2013-0136
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
CVE-2013-0136
Mutiny Mutiny Frontend EditDocument servlet contains directory traversal weaknesses disclosed for the Mutiny 5 appliance. The vulnerability allows authenticated users to perform operations (UPLOAD, DELETE, CUT, COPY) via injected parameters (uploadPath, paths[], newPath) to read arbitrary files, ...
Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...
Mutiny 5 Arbitrary File Read and Delete
This module exploits the EditDocument servlet from the frontend on the Mutiny 5 appliance. The EditDocument servlet provides file operations, such as copy and delete, which are affected by a directory traversal vulnerability. Because of this, any authenticated frontend user can read and delete...
Mutiny 5 Arbitrary File Upload
This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with roo...
CVE-2008-0861
Cross-site scripting XSS vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an hSearchString sub-parameter in the PreSetFields parameter of an EditDocument action...
Cross site scripting
Cross-site scripting XSS vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an hSearchString sub-parameter in the PreSetFields parameter of an EditDocument action...