Published: 30/03/2018 Updated: 20/04/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in Twonky Server 7.0.11 up to and including 8.5 allows remote malicious users to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lynxtechnology twonky server

''' --------------------------------------------------------------------- 1 About --------------------------------------------------------------------- # Exploit Title: TwonkyMedia Server 7011-85 Directory Traversal # Date: 2018-03-27 # Exploit Author: Sven Fassbender # Contact: twittercom/mezdanak # Vendor Homepage: wwwlynxt ...

TwonkyMedia Server version 7011-85 suffers from a directory traversal vulnerability ...

TwonkyMedia Server 7.0.11-8.5 Directory Traversal CVE-2018-7171

sharingIsCaring TwonkyMedia Server Pwnd CVE-2018-7171 Background information This is a GitHub repository keeping all relevant information about CVE-2018-7171 (and more) CVE-2018-7171 represents a directory/file traversal vulnerability in TwonkyMedia Server version 7011-85 (latest version) Exploiting this vulnerability allows an attacker to list all files located on the dev

CWE-22 https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html https://www.exploit-db.com/exploits/44350/https://nvd.nist.gov https://github.com/mechanico/sharingIsCaring https://www.exploit-db.com/exploits/44350/

CVE-2018-7171

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect