186 matches found
Path traversal
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
SAP Management Console List Config Files
This module attempts to list the config files through the SAP Management Console SOAP Interface. Returns a list of config files found in the SAP configuration with its absolute paths inside the server filesystem. This module requires Metasploit: https://metasploit.com/download Current source:...
Unspecified Vulnerability in Schneider Electric StruxureWare Data Center Operation
Schneider Electric StruxureWare Data Center Operation is a suite of data center operations software from Schneider Electric, France. The software provides an instant overview of data center operations through inventory management, PUE calculations, real-time equipment alerts and location-based...
[SECURITY] [DLA 1441-1] sympa security update
Package : sympa Version : 6.1.23dfsg-2+deb8u2 CVE ID : CVE-2018-1000550 A vulnerability has been discovered in Sympa, a modern mailing list manager, that allows write access to files on the server filesystem. This flaw allows to create or modify any file writable by the Sympa user, located on the...
CVE-2018-11051
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the applicati...
CVE-2018-11051 RSA Certificate Manager Path Traversal Vulnerability
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the applicati...
Directory traversal
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...
CVE-2017-16213
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16215
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16196
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16183
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16123
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Directory traversal
jnjjserver is a static file server. jnjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16197
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16182
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Root Path Disclosure in send
Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation Update to version 0.11.1 or later...
Opentext Documentum Content Server File Hijack / Privilege Escalation
!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary file from Content Server filesystem, because some files on Content Server...
[ MDVSA-2015:051 ] sympa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:051 http://www.mandriva.com/en/support/security/ Package : sympa Date : March 3, 2015 Affected: Business Server 1.0 Problem Description: Updated sympa packages fix security vulnerability: A vulnerability hav...
Updated sympa packages fix CVE-2015-1306
Updated sympa packages fix security vulnerability: A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...