8 lines
No EOL
714 B
Text
8 lines
No EOL
714 B
Text
source: http://www.securityfocus.com/bid/14487/info
|
|
|
|
EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
|
|
|
|
A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. An attacker can also obtain the contents of arbitrary directories by appending a '.' to the end of a request. Exploitation of these vulnerabilities could lead to a loss of confidentiality and information disclosure.
|
|
|
|
http://www.example.com/../../../../../../../EMC/NAVISPHERE/common/log/navimon.log
|
|
http://www.example.com/. |