Lucene search
RgodZDI-16-628HistoryDec 13, 2016 - 12:00 a.m.
Advantech SUSIAccess Server downloadCSV file Parameter Directory Traversal Information Disclosure Vulnerability
2016-12-1300:00:00
rgod
www.zerodayinitiative.com
10
0.047 Low
EPSS
Percentile
92.7%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech SUSIAccess Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of downloadCSV.jsp. When parsing the file element, the process fails to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of SYSTEM.
Related
cvelist
cvelist
CVE-2016-9349
2017-02-13 21:00:00
nvd
nvd
CVE-2016-9349
2017-02-13 21:59:01
prion
prion
Information disclosure
2017-02-13 21:59:00
packetstorm
packetstorm
Advantech SUSIAccess 3.0 Directory Traversal / Information Disclosure
2017-08-01 00:00:00
Advantech SUSIAccess 3.0 File Upload
2017-08-02 00:00:00
cve
cve
CVE-2016-9349
2017-02-13 21:59:01
zdt
zdt
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure Exploit
2017-08-01 00:00:00
Advantech SUSIAccess <= 3.0 - RecoveryMgmt File Upload Exploit
2017-08-01 00:00:00
exploitpack
exploitpack
Advantech SUSIAccess 3.0 - RecoveryMgmt File Upload
2017-08-01 00:00:00
exploitdb
exploitdb
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
2017-08-01 00:00:00
ics
ics
Advantech SUSIAccess Server Vulnerabilities
2016-12-01 12:00:00