Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings prior to 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache openmeetings |
Password token snatch might explain that unexpected weirdo in your next online meeting
Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset token (CVE-2016-0783) and an arbitrary file read through the SOAP API (CVE-2016-2164) along with moderately dangerous holes in ZIP file path traversal (CVE-2016-0784) and stored...