Exploit for Path Traversal in Inneo Startup_Tools

CVE-2020-15492 This vulnerablity was discovered and disclosed...

INNEO Solutions INNEO Startup TOOLS 2018 M040 Path Traversal Vulnerability

INNEO Solutions INNEO Startup TOOLS 2018 M040 is an INNEO startup tool from INNEO Solutions, Germany. A path traversal vulnerability exists in INNEO Solutions INNEO Startup TOOLS 2018 M040 13.0.70.3804 and previous versions. An attacker can exploit this vulnerability to read arbitrary files on th...

INNEO Startup TOOLS 2018 M040 13.0.70.3804 Remote Code Execution

Exploit Title: INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Date: 2020-07-23 Exploit Author: Patrick Hener, SySS GmbH Many credits go to Dr. Benjamin Heß, SySS GmbH for helping with php oddities and the powershell payload Advisory: SYSS-2020-028...

INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Exploit

Exploit for multiple platform in category web applications Exploit Title: INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Exploit Author: Patrick Hener, SySS GmbH Many credits go to Dr. Benjamin Heß, SySS GmbH for helping with php oddities and the powershell payload Advisory:...

CVE-2020-15492

An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sutsrv.exe web application served on TCP port 85 includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the...

Directory traversal

An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sutsrv.exe web application served on TCP port 85 includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the...

CVE-2020-15492

CVE-2020-15492 affects INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The web application sut_srv.exe (port 85) processes user input and uses it in a filesystem operation without proper validation, enabling an unauthenticated attacker to read server files via Directory...

CVE-2020-15492

An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sutsrv.exe web application served on TCP port 85 includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the...