trump88 (5)

Last Login: July 19, 2021
Assessments: 2
Score: 5

trump88's Contributions (2)

1
Ratings
Technical Analysis

Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in the GET parameter “file” in the URL.

Also: affected components in the same product – HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05)

2
Ratings
Technical Analysis

Authentication Bypass Vulnerability in Mind Server version <= 3.13.65 allows any user to steal the self-diagnostic archive via a direct request to https://PWND.SITE/api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1. The archive contains copies of the main configuration files and event logs of the Mind Server portal. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Origin: https://github.com/trump88/CVE-2020-24765