Description
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by dr_insane · textremotewindows
https://www.exploit-db.com/exploits/26775
exploitdb
WORKING POC
VERIFIED
by dr_insane · textremotewindows
https://www.exploit-db.com/exploits/26773
exploitdb
WORKING POC
VERIFIED
by dr_insane · textremotewindows
https://www.exploit-db.com/exploits/26774
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23552
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15807
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2840
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17989
Various Sources x_refsource_misc
http://www.ipomonis.com/advisories/logisphere_server.zip
Scores
EPSS
0.0404
EPSS Percentile
88.5%
Details
Status
published
Products (1)
logisphere/logisphere
0.9.9j
Published
Dec 13, 2005
Tracked Since
Feb 18, 2026