Search the Community

Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal/directory climbing vulnerabilities. It is built to make it as performant as possible and to offer a wide arsenal of filter evasion techniques. How does it work? Vailyn operates in 2 phases. First, it checks if the vulnerability is present. It does so by trying to access /etc/passwd, with all of its evasive payloads. Analyzing the response, payloads that worked are separated from the others. Why phase separation? The separation in several phases is new in this version. It is done to hugely improve the performance of the tool. In previous versions, every file-directory combination was checked with every payload. This resulted in a huge overhead due to payloads being always used again, despite they are not working for the current server. Changelog v1.5.1-3 [New Features] Tor support now for Windows, too. Tor service must be started manually beforehand. [Bug Fixes] fixed an issue on Windows, where the tool would crash for targets with custom port or BasicAuth, because : is not an allowed directory character fixed terminal output flood during attack by providing an extra progress function color output should work now on Windows, please report back if it still doesn’t [hide][Hidden Content]]

This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. View the full article

SugarCRM versions 9.0.1 and below suffer from multiple path traversal vulnerabilities. View the full article

WordPress Arforms plugin version 3.7.1 suffers from a directory traversal vulnerability. View the full article

IcedTeaWeb suffers from multiple vulnerabilities including directory traversal and validation bypass issues that can lead to remote code execution. The affected versions are 1.7.2 and below, 1.8.2 and below. 1.6 is also vulnerable and not patched due to being EOL. Proof of concepts are provided. View the full article

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution. View the full article

Tibco JasperSoft suffers from a path traversal vulnerability. View the full article

Totaljs CMS version 12.0 suffers from a path traversal vulnerability. View the full article

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date. View the full article

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. View the full article

GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files. View the full article

This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. View the full article

WordPress WP Fastest Cache plugin versions 0.8.9.5 and below suffer from a directory traversal vulnerability. View the full article

FANUC Robotics Virtual Robot Controller version 8.23 suffers from a path traversal vulnerability. View the full article

Sahi Pro version 8.x suffers from a directory traversal vulnerability. View the full article

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from a path directory traversal vulnerability. View the full article

GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities. View the full article

The IDAL FTP server fails to ensure that directory change requests do not change to locations outside of the FTP servers root directory. An authenticated attacker can simply traverse outside the server root directory by changing the directory with "cd ..". An authenticated attacker can traverse to arbitrary directories on the hard disk and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. View the full article

This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability. View the full article

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities. View the full article

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from dirPath directory traversal and remote code execution vulnerabilities. View the full article

BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution. View the full article

Sahi Pro versions 7.x and 8.x suffer from a directory traversal vulnerability. View the full article

Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities. View the full article

Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability. View the full article