Open-Xchange: IDOR - Folder names disclosure inside a domain, regardless of user

Hello, by changing the folderid parameter from the task reminders action, the folder name is leaked and a specific user can find all the folders inside the domain. PUT /appsuite/api/tasks?action=new&session=396a79677e3241b799f17051d0923da5&timezone=UTC HTTP/1.1 Host: sandbox.open-xchange.com...

Amiro.CMS <= 5.4.0.0 folder disclosure

No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005 Amiro.CMS root folder disclosure Objective: Amiro CMS = 5.4.0.0 Type: Disclosure of ways Threat: Medium Date Discovered: 01.07.2009 Date of...

Microsoft IIS - Short FileFolder Name Disclosure

Microsoft IIS - Short FileFolder Name Disclosure PoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19525.zip Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog...

Microsoft IIS - Short File/Folder Name Disclosure

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19525.zip Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "IIS is a web...

Mura CMS

ONSEC-09-020 Mura CMS root folder disclosure Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: content...

Mura CMS 5.1 Root folder disclosure

Exploit for unknown platform in category web applications =================================== Mura CMS 5.1 Root folder disclosure =================================== Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer:...

Mura CMS 5.1 Root folder disclosure

No description provided by source. ONSEC-09-020 Mura CMS root folder disclosure Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir Vorontsov OnSec Russian Security Group...

Mura CMS 5.1 Folder Disclosure

ONSEC-09-020 Mura CMS root folder disclosure Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: content...

Amiro.CMS 5.4.0.0 Root Folder Disclosure

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005 Amiro.CMS root folder disclosure Objective: Amiro CMS = 5.4.0.0 Type: Disclosure of ways Threat: Medium Date Discovered: 01.07.2009 Date of notification Developer: 01.07.2009...

Amiro.CMS <= 5.4.0.0 folder disclosure

Exploit for unknown platform in category web applications ====================================== Amiro.CMS = 5.4.0.0 folder disclosure ====================================== ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005...

Amiro.CMS &lt;= 5.4.0.0 folder disclosure

No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005 Amiro.CMS root folder disclosure Objective: Amiro CMS = 5.4.0.0 Type: Disclosure of ways Threat: Medium Date Discovered: 01.07.2009 Date of...

[Full-disclosure] Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files

Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files Affected Program : Rediff Bol Download ActiveX ActiveX OCX Control that downloads the Rediff Bol Messenger setup and spawns it. Related URL : http://messenger.rediff.com/newbol/ Discovered by : Gregory R. Panakkal...