Published: 16/09/2011 Updated: 16/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in an HTTP GET request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
carel plantvisor

require 'msf/core' class MetasploitModule < Msf::Auxiliary Rank = GreatRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Carel Pl@ntVisor Directory Traversal', 'Description' => %q{ This module exploits a directory traversal vulnerability found in ...

####################################################################### Luigi Auriemma Application: Carel PlantVisor wwwcarelcom/carelcom/web/eng/catalogo/prodotto_dettjsp?id_prodotto=310 Versions: <= 244 Platforms: Windows Bug: directory traversal Exploitation: remote Dat ...

CWE-22 http://aluigi.altervista.org/adv/plantvisor_1-adv.txt http://securityreason.com/securityalert/8384 https://exchange.xforce.ibmcloud.com/vulnerabilities/69762 https://www.exploit-db.com/exploits/42706/https://nvd.nist.gov https://www.exploit-db.com/exploits/42706/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-3487

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect