Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Arbitrary File Read Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14754 Affected Software: ================== OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) Exploit was tested on: ====================== v4.5SP1 Patch 13 (older versions might be affected as well) Arbitrary File Read: ==================== Authenticated user is able to read arbitrary system file due to path traversal issue. Vector :
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment