Vikas Singhal

2 exploits Active since Nov 2013

CVE-2013-5688 EXPLOITDB WRITEUP

AjaXplorer <= 5.0.2 - Authenticated Path Traversal and Arbitrary File Write via Null Byte in File Parameter

Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action.

View Code

CVE-2013-5689 EXPLOITDB text WRITEUP

Rejected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5688. Reason: This issue has been MERGED with CVE-2013-5688 in accordance with CVE content decisions, because it is the same type of vulnerability affecting the same versions. Notes: All CVE users should reference CVE-2013-5688 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

View Code