CVE-2015-1577
published 2015-02-11CVE-2015-1577: Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or…
PriorityP346medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EXPLOIT
EPSS
7.27%
93.6th percentile
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yuba | u5cms | <= 3.9.3 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion
exploitdb·2015-02-09
CVE-2015-1577 u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion
u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion
---
u5CMS 3.9.3 (deletefile.php) Arbitrary File Deletion Vulnerability
Vendor: Stefan P. Minder
Product web page: http://www.yuba.ch
Affected version: 3.9.3 and 3.9.2
Summary: u5CMS is a little, handy Content Management System for medium-sized
websites, conference / congress / submission administration, review processes,
personalized serial mails, PayPal payments and online surveys based on PHP and
MySQL and Apache.
Desc: Input passed to the 'f' parameter in 'deletefile.php' is not properly
sanitised before being used to delete files. This can be exploited to delete
files with the permissions of the web server using their absolute path or via
directory traversal sequences passed within the affected GET parameter.
Tested on: Ap
Exploit-DB
Achat 0.150 beta7 - Remote Buffer Overflow
exploitdb·2015-02-08
CVE-2015-1578 Achat 0.150 beta7 - Remote Buffer Overflow
Achat 0.150 beta7 - Remote Buffer Overflow
---
#!/usr/bin/python
# Author KAhara MAnhara
# Achat 0.150 beta7 - Buffer Overflow
# Tested on Windows 7 32bit
import socket
import sys, time
# msfvenom -a x86 --platform Windows -p windows/exec CMD=calc.exe -e x86/unicode_mixed -b '\x00\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff' B
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130325/u5CMS-3.9.3-Arbitrary-File-Deletion.htmlhttp://www.exploit-db.com/exploits/36026http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5226.phphttp://packetstormsecurity.com/files/130325/u5CMS-3.9.3-Arbitrary-File-Deletion.htmlhttp://www.exploit-db.com/exploits/36026http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5226.php
2015-02-11
Published