Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2014-8084
Last Modified 06 Jan 2015 11:43:51
Published 05 Jan 2015 03:59:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8084

Summary

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.

Vulnerable Systems

Application

  • Osclass 3.4.2


References

BID - 71841

BUGTRAQ - 20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability

MISC - http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html

MISC - http://karmainsecurity.com/KIS-2014-15

CONFIRM - http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/


Last Updated: 27 May 2016 10:52:01