Last Login: July 19, 2021
trump88's Contributions (2)
Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v126.96.36.199) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in the GET parameter “file” in the URL.
Also affected are other components in the same product: HTTP Adapter (up to v.188.8.131.52), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05).
Authentication bypass vulnerability in Mind Server version <= 3.13.65 allows any user to steal the self-diagnostic archive via a direct request to https://PWND.SITE/api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1. The archive contains copies of the main configuration files and event logs of the Mind Server portal. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.