Showing 1 - 1 of 1

CVE-2014-5468

Status Candidate

Overview

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.

Related Files

Railo 4.2.1 Remote File Inclusion: Posted Sep 12, 2014; Authored by drone, Brandon Perry | Site metasploit.com; This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.; tags | exploit, remote, arbitrary; advisories | CVE-2014-5468; SHA-256 | 0bbe174102c9e26fadfffb5af3c7e341a378b56297c9ad11a3b67c73f86ebcd0; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 90 files
indoushka 54 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 13 files
Gentoo 11 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,087)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,608)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,726)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

CVE-2014-5468

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems