.. / CVE-2012-4940

Exploit for Axigen Mail Server Filename Directory Traversal (CVE-2012-4940)

Description:

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.

Nuclei Template

View the template here CVE-2012-4940.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2012/CVE-2012-4940.yaml

References:

https://www.exploit-db.com/exploits/37996
https://nvd.nist.gov/vuln/detail/CVE-2012-4940
http://www.kb.cert.org/vuls/id/586556
https://github.com/ARPSyndicate/kenzer-templates

.. / CVE-2012-4940 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Axigen Mail Server Filename Directory Traversal (CVE-2012-4940)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2012-4940