CVE-2015-4666
Published: 2015-08-13
Priority: P3, 44
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 16.23% (96.5th percentile)
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
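A log check for the request pattern described above, added here as an example (it is not part of the original page, the advisory, or the Nuclei template). It scans web access log lines for requests to opm/read_sessionlog.php whose logFile value, after repeated percent-decoding, contains a dot-dot-slash run, including the ....// form. The combined log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed input: Apache/nginx combined-format access log lines.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "opm/read_sessionlog.php"  # script named in the CVE description
PARAM = "logFile"                     # parameter named in the CVE description
# Two or more dots followed by slashes/backslashes: matches "../" and "....//".
TRAVERSAL_RE = re.compile(r'\.{2,}[/\\]+')

# Constructed sample lines (documentation IPs, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Aug/2015:10:00:01 +0000] "GET /opm/read_sessionlog.php?logFile=session_42.log HTTP/1.1" 200 512',
    '192.0.2.66 - - [13/Aug/2015:10:00:05 +0000] "GET /opm/read_sessionlog.php?logFile=....//....//some/file HTTP/1.1" 200 1024',
    '192.0.2.67 - - [13/Aug/2015:10:00:09 +0000] "GET /opm/read_sessionlog.php?logFile=%252e%252e%252f%252e%252e%252fsome%252ffile HTTP/1.1" 200 300',
    '192.0.2.11 - - [13/Aug/2015:10:00:12 +0000] "GET /index.php?logFile=....//x HTTP/1.1" 404 0',
]


def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(log_lines):
    """Return (client_ip, decoded logFile value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access log entry
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(ENDPOINT):
            continue  # only the endpoint named in the CVE is of interest
        # parse_qs decodes once; fully_unquote handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_unquote(raw)
            if TRAVERSAL_RE.search(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in find_traversal_requests(SAMPLE_LOG):
        print(f"{ip} requested logFile={value!r}")
```

A hit shows only that the request was made; the response status and size in the same log line help decide whether the host needs further review.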
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xceedium | xsuite | — | — |
| xceedium | xsuite | — | — |
No detection rules found.
Exploit-DB
Xceedium Xsuite - Multiple Vulnerabilities
exploitdb·2015-07-27·CVSS 9.8
CVE-2015-4669 [CRITICAL] Xceedium Xsuite - Multiple Vulnerabilities
---
See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
modzero Security Advisory:
Multiple Vulnerabilities in Xceedium Xsuite [MZ-15-02]
1. Timeline
* 2015-06-17: Vulnerabilities have been discovered
* 2015-06-19: Vendor notified via [email protected]
* 2015-06-19: CVE IDs assigned
* 2015-06-26: Public reminder sent via Twitter
* 2015-06-26: Findings updated
* 2015-07-22: Release after Xceedium did not respond within more than 15 business days
2. Summary
Vendor: Xceedium, Inc.
Products known to be affected:
* Xsuite 2.3.0
* Xsuite 2.4.3.0
* Other products and versions may be affected as well.
Severity: Overall High
Remote exploitable: remote and local
The Xsuite system controls and audits privileged user ac
Nuclei
Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2015-4666 [MEDIUM] Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php, which allows remote attackers to read arbitrary files via the logFile parameter.
Template:

```yaml
id: CVE-2015-4666

info:
  name: Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, disclosure of sensitive information, and potential remote code execution.
  remediation: |
    Upgrade Xceedium Xsuite to a version higher than 2.4.4.5 or apply the n
```
* http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html
* http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
* https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
* https://www.exploit-db.com/exploits/37708/
Published: 2015-08-13