
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0

Description:
The Import/Export System Backups functionality in the OpenMeetings
Administration menu (http://domain:5080/openmeetings/#admin/backup) is
vulnerable to path traversal via specially crafted file names within ZIP
archives.

Uploading an archive containing a file named ../../../public/hello.txt
writes the file "hello.txt" to the http://domain:5080/openmeetings/public/
directory. This could be used, for example, to overwrite /usr/bin/convert
(or any other 3rd-party integrated executable that the account running
OpenMeetings can write to) with a shell script, which would be executed the
next time an image file is uploaded and ImageMagick is invoked.

All users are recommended to upgrade to Apache OpenMeetings 3.1.1.

Credit: This issue was identified by Andreas Lindh

Apache OpenMeetings Team

--
WBR
Maxim aka solomax
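The traversal described in the advisory (a ZIP entry whose name carries "../" segments, honoured verbatim by the importer) can be reproduced and checked offline. The following is an added example, not code from the advisory or from the OpenMeetings project: it builds a crafted archive with the advisory's entry name, runs it through a naive extractor that joins entry names to the destination without canonicalising (the pattern the advisory describes), and then through a hardened extractor that rejects any entry resolving outside the destination. The directory layout, the payload bytes and the function names are constructed for the demonstration; the archive is extracted inside a temporary directory nested three levels deep so the escape stays within the temp root.

```python
import io
import os
import tempfile
import zipfile

# Constructed sample: the entry name from the advisory. zipfile stores the
# name exactly as given, so the "../" segments survive into the archive.
TRAVERSAL_ENTRY = "../../../public/hello.txt"


def build_crafted_zip(entry_name: str = TRAVERSAL_ENTRY,
                      payload: bytes = b"hello\n") -> bytes:
    """Return the bytes of a ZIP archive whose single entry has a traversal name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(entry_name, payload)
    return buf.getvalue()


def entry_names(zip_bytes: bytes) -> list:
    """List the raw entry names of an archive (what an importer would see)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()


def naive_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Vulnerable pattern: os.path.join(dest, name) with no containment check.

    Python's own ZipFile.extractall() strips ".." components, so the unsafe
    behaviour is reproduced here by hand. Returns the real paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest_dir, info.filename)  # traversal honoured
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Hardened pattern: canonicalise each target and require it to stay under dest.

    Absolute entry names are rejected too, because os.path.join discards
    dest_dir when the entry name starts with "/". Returns the real paths written."""
    dest_real = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError("rejected traversal entry: %r" % info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors on the crafted archive and report what each did."""
    crafted = build_crafted_zip()
    result = {}
    with tempfile.TemporaryDirectory() as root:
        root_real = os.path.realpath(root)
        # Three levels deep so "../../../" lands at root/public, not outside root.
        dest = os.path.join(root_real, "a", "b", "c")
        os.makedirs(dest)
        written = naive_extract(crafted, dest)
        result["naive_escaped"] = os.path.commonpath([dest, written[0]]) != dest
        result["naive_path_rel_root"] = os.path.relpath(written[0], root_real)
        try:
            safe_extract(crafted, dest)
            result["safe_rejected"] = False
        except ValueError:
            result["safe_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The containment check is the fix to look for when reviewing a patched importer: realpath (or the equivalent canonicalisation in Java) on the joined path, then a prefix comparison against the canonical destination, applied before anything is written. Checking the raw entry name for the substring ".." is weaker, since encoded or mixed separators can slip past it.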