5 matches found
PT-2024-40243 · Saltcorn · Saltcorn
Name of the Vulnerable Software and Affected Versions: Saltcorn version 1.0.0-beta.13 Description: A user with admin permission can read arbitrary file and directory names on the filesystem by calling the "/build-mobile-app/result" endpoint. The build dir name parameter is not properly validated...
Design/Logic Flaw
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet...
Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure Exploit
Exploit for windows platform in category dos / poc Windows: FSCTLFINDFILESBYSID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTLFINDFILESBYSID control code doesn’t check for permissions to list a directory leading to...
http-iis-short-name-brute NSE Script
Attempts to brute force the 8.3 filenames commonly known as short names of files and directories in the root folder of vulnerable IIS servers. This script is an implementation of the PoC "iis shortname scanner". The script uses ,? and to bruteforce the short name of files present in the IIS...
Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Windows)
This host is installed with Adobe Flash Player/Air and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeprdtsmultvulndec09win.nasl 8210 2017-12-21 10:26:31Z cfischer $ Adobe Flash Player/Air Multiple Vulnerabilities - dec09 Windows Authors: Antu Sanadi Copyright:...