Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2016-0784

Published: 11/04/2016 Updated: 09/10/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Apache

Vulnerability Summary

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings prior to 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

Vulnerable Product Search on Vulmon Subscribe to Product

apache openmeetings

Exploits

Exploit DB: Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 19x - 310 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu (domain:5080/openmeetings/#admin/backup) is vulnerable to path traversal via specially crafted file names within ZIP archives ...

Recent Articles

Remote code execution found and fixed in Apache OpenMeetings
The Register • Darren Pauli • 07 Apr 2016

Password token snatch might explain that unexpected weirdo in your next online meeting

Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset token (CVE-2016-0783) and an arbitrary file read through the SOAP API (CVE-2016-2164) along with moderately dangerous holes in ZIP file path traversal (CVE-2016-0784) and stored...

Read more...

References

CWE-22http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.htmlhttp://www.openwall.com/lists/oss-security/2016/03/25/2http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-codehttps://www.apache.org/dist/openmeetings/3.1.1/CHANGELOGhttp://openmeetings.apache.org/security.htmlhttps://www.exploit-db.com/exploits/39642/http://www.securityfocus.com/archive/1/537929/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/39642/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook