Menu

Search for hundreds of thousands of exploits

"Home File Share Server 0.7.2 32 - Directory Traversal"

Author

Exploit author

"John Leitch"

Platform

Exploit platform

multiple

Release date

Exploit published date

2010-11-01

Download file

1
2
3
4
5
6
7
8
9
source: https://www.securityfocus.com/bid/44580/info

Home File Share Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Home File Share Server 0.7.2.32 is vulnerable; other versions may also be affected. 

http://www.example.com/RealFolder/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2015-11-03 "Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read" dos windows "John Leitch"
2015-11-03 "Python 2.7 - 'strop.replace()' Method Integer Overflow" dos windows "John Leitch"
2015-11-03 "Python 2.7 - 'array.fromstring' Method Use-After-Free" dos multiple "John Leitch"
2015-11-03 "Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)" dos windows "John Leitch"
2014-11-24 "PHP 5.5.12 - Locale::parseLocale Memory Corruption" dos php "John Leitch"
2011-05-16 "eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting" webapps php "John Leitch"
2011-04-08 "vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion" webapps php "John Leitch"
2011-04-04 "WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting" webapps php "John Leitch"
2011-04-03 "WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting" webapps php "John Leitch"
2011-03-10 "Xinha 0.96 - 'spell-check-savedicts.php' Multiple HTML Injection Vulnerabilities" webapps php "John Leitch"
2011-01-10 "Solar FTP Server 2.1.1 - 'PASV' Remote Buffer Overflow" remote windows "John Leitch"
2010-12-29 "QuickPHP Web Server 1.9.1 - Directory Traversal" remote windows "John Leitch"
2010-12-29 "httpdasm 0.92 - Directory Traversal" remote windows "John Leitch"
2010-12-10 "Helix Server 14.0.1.571 - Administration Interface Cross-Site Request Forgery" remote multiple "John Leitch"
2010-12-08 "WordPress Plugin Processing Embed 0.5 - 'pluginurl' Cross-Site Scripting" webapps php "John Leitch"
2010-12-08 "WordPress Plugin Safe Search - 'v1' Cross-Site Scripting" webapps php "John Leitch"
2010-12-07 "WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting" webapps php "John Leitch"
2010-11-10 "WeBid 0.85P1 - Multiple Input Validation Vulnerabilities" webapps php "John Leitch"
2010-11-08 "WordPress Plugin Vodpod Video Gallery 3.1.5 - 'vodpod_gallery_thumbs.php' Cross-Site Scripting" webapps php "John Leitch"
2010-11-08 "WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure" webapps php "John Leitch"
2010-11-08 "WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal" webapps php "John Leitch"
2010-11-08 "WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting" webapps php "John Leitch"
2010-11-08 "WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting" webapps php "John Leitch"
2010-11-01 "Project Jug 1.0.0 - Directory Traversal" remote windows "John Leitch"
2010-11-01 "Home File Share Server 0.7.2 32 - Directory Traversal" remote multiple "John Leitch"
2010-10-27 "MinaliC WebServer 1.0 - Denial of Service" dos windows "John Leitch"
2010-10-27 "MinaliC WebServer 1.0 - Directory Traversal" remote windows "John Leitch"
2010-10-11 "BaconMap 1.0 - SQL Injection" webapps php "John Leitch"
2010-10-11 "BaconMap 1.0 - Local File Disclosure" webapps php "John Leitch"
2010-10-01 "Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities" webapps php "John Leitch" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected