EMC Navisphere Manager 6.x - Directory Traversal / Information Disclosure

EDB-ID:

26101

CVE:

2005-2357

EDB Verified:

Author:

anonymous

Type:

remote

Exploit:   /  

Platform:

Linux

Date:

2005-08-05

Vulnerable App: 
source: https://www.securityfocus.com/bid/14487/info

EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. An attacker can also obtain the contents of arbitrary directories by appending a '.' to the end of a request. Exploitation of these vulnerabilities could lead to a loss of confidentiality and information disclosure. 

http://www.example.com/../../../../../../../EMC/NAVISPHERE/common/log/navimon.log
http://www.example.com/.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services