CVE-2014-2575
CVE-2014-2575
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.htmlnão verificadocve_referencewww.exploit-db.com/exploits/33700não verificadoexploitdbwww.exploit-db.com/exploits/33700não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://osvdb.org/show/osvdb/107742http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.htmlhttp://seclists.org/fulldisclosure/2014/Jun/24http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-managerhttp://www.exploit-db.com/exploits/33700http://www.securityfocus.com/archive/1/532304/100/0/threadedhttp://www.securityfocus.com/bid/67902