Be careful: new vulnerability in Apache Struts 2 (CVE-2017-5638).
How to Fix: upgrade to Struts 2.3.32 or Struts 2.5.10.1
Affected Version: Struts 2.3.5 - 2.3.31, Struts 2.5 - 2.5.10
POC:
https://github.com/tengzhangchao/Struts2_045-Poc
Tuesday, 7 March 2017
Thursday, 9 June 2016
RESPONSIVE filemanager <= 9.10.2 - Directory Traversal
Advisory: Directory Traversal in RESPONSIVE filemanager on Windows Server
During a penetration test, a directory traversal vulnerability was discovered
in RESPONSIVE filemanager. Attackers are able to read arbitrary directories by specifying a
relative path.
Details
=======
Product: RESPONSIVE filemanager
Affected Versions: RESPONSIVE filemanager v9.10.2
Fixed Versions: Not yet
Vulnerability Type: Directory Traversal
Vendor URL:
http://www.responsivefilemanager.com/
Software Link:
https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.10.2/responsive_filemanager.zip
Vendor Status: fixed version released
Advisory URL: http://hacktizen.blogspot.com/2016/06/responsive-filemanager-9102-directory.html
Tested on: Windows Server
CVE: CVE-2014-2575
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2575
Attack Detail
[URL]/filemanager/dialog.php?editor=tinymce&type=&lang=&popup=0&field_id=&relative_url=0&akey=key&fldr=..\
fldr=..\..\..\
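
The following Python example is added here and is not code from the advisory or from ResponsiveFilemanager. It resolves a requested fldr value under Windows path rules and rejects any value that leaves the upload root, then applies the same check to logged dialog.php requests; BASE_DIR, the function names and the sample requests are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import parse_qs, urlsplit

# Assumed upload root, for illustration only (not a path from the advisory).
BASE_DIR = r"C:\inetpub\wwwroot\source"

def resolve_fldr(fldr, base=BASE_DIR):
    """Return the normalised folder for fldr, or None if it leaves base.

    ntpath applies Windows rules (both '\\' and '/' separate, drive letters,
    UNC prefixes) even when this check runs on another operating system.
    """
    if "\x00" in fldr:
        return None
    drive, _ = ntpath.splitdrive(fldr)
    if drive or fldr.startswith(("\\", "/")):
        return None  # absolute, drive-qualified or UNC input is not a subfolder
    root = ntpath.normcase(ntpath.normpath(base))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(base, fldr)))
    # Compare with a trailing separator so "source_old" cannot pass as "source".
    if target == root or target.startswith(root + "\\"):
        return target
    return None

def flag_requests(urls):
    """Return the dialog.php request URLs whose fldr escapes the upload root."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        if not parts.path.endswith("/filemanager/dialog.php"):
            continue
        # parse_qs percent-decodes, so "..%5C" is checked as "..\".
        values = parse_qs(parts.query, keep_blank_values=True).get("fldr", [])
        if any(resolve_fldr(v) is None for v in values):
            hits.append(url)
    return hits

# Constructed sample requests (not taken from real logs).
SAMPLE_URLS = [
    "/filemanager/dialog.php?editor=tinymce&akey=key&fldr=images/2016/",
    "/filemanager/dialog.php?editor=tinymce&akey=key&fldr=..\\",
    "/filemanager/dialog.php?editor=tinymce&akey=key&fldr=..%5C..%5C..%5C",
    "/index.php?fldr=..\\",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_URLS):
        print("traversal attempt:", hit)
```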