mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
752 B
752 B
CVE-2014-9436
Description
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\ (four backslashes) in the fileName parameter to getRdsLogFile.
POC
Reference
- http://packetstormsecurity.com/files/129705/SysAid-Server-Arbitrary-File-Disclosure.html
- http://seclists.org/fulldisclosure/2014/Dec/99
Github
No PoCs found on GitHub currently.