16 matches found
EUVD-2017-1502
Malware in sbrugna...
VulnCheck KEV: CVE-2017-1000170
jqueryFileTree 2.1.5 and older Directory Traversal...
jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal. POC: curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"...
GHSA-P739-9479-5WR2 jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal. POC: curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"...
Folders Disclosure via Outdated jQueryFileTree Library
The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server. PoC: curl...
Folders Disclosure via Outdated jQueryFileTree Library
The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server. curl...
Directory Traversal
jqueryFileTree is vulnerable to directory traversal. A lack of validation on the dir parameter allows a remote attacker to submit a / character to retrieve the contents of a specified directory outside of the web root....
Directory traversal
jqueryFileTree 2.1.5 and older Directory Traversal...
CVE-2017-1000170
jqueryFileTree 2.1.5 and older Directory Traversal...
CVE-2017-1000170
jqueryFileTree 2.1.5 and older Directory Traversal...
CVE-2017-1000170
jqueryFileTree 2.1.5 and older Directory Traversal...
CVE-2017-1000170
CVE-2017-1000170 affects the WordPress Delightful Downloads plugin’s jqueryFileTree 2.1.5 and older. The connected documents describe a directory traversal/local file inclusion vulnerability in jqueryFileTree, allowing an attacker to include arbitrary local files via the jqueryFileTree.php connec...
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...
Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal
Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...
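Weaver (泛微) OA system: insecure configuration of the third-party component jqueryFileTree leads to directory traversal
Any directory of the operating system can be traversed. Only file names, sizes and similar information can be viewed, but traversing the whole OA directory is still very rewarding: log files, text files and the like are all very helpful for penetration testing. Some log files contain records of database operations, such as changes to the OA login password, which makes it possible to log in to the OA with no effort at all. File: /js/jquery/plugins/jqueryFileTree/connectors/jqueryFileTree.jsp. jqueryFileTree is used fairly widely in general-purpose software; this file accepts a dir parameter to browse the specified directory. Partial code: / jQuery File Tree JSP Connector Version 1.0 Copyright 200...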