Published: 20/04/2018 Updated: 16/05/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ncomputing vspace pro 10
ncomputing vspace pro 11

# Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability # Date: 2018-04-20 # Software Vendor: NComputing # Software Link: # Author: Javier Bernardo # Contact: javier@kwellnet # Website: wwwkwellnet # CVE: CVE-2018-10201 # Category: Webapps #[Description] # #It is possible to read arbitrary files outside th ...

Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability ...

CWE-22 http://www.kwell.net/kwell_blog/?p=5199 https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es https://www.exploit-db.com/exploits/44497/https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch https://nvd.nist.gov https://www.exploit-db.com/exploits/44497/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-10201

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect