YingZhiPython - Directory Traversal / Arbitrary File Upload
| EKU-ID: 42314 | CVE: | OSVDB-ID: |
| Author: Larry Cashdollar | Published: 2012-09-26 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 42314 | CVE: | OSVDB-ID: |
| Author: Larry Cashdollar | Published: 2012-09-26 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/55685/info An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process. YingZhiPython 1.9 is vulnerable; other versions may also be affected. ftp://www.example.com/../../../../../../../private/etc/passwd