Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-4680. PoCs published by hinge.
AI-analyzed exploit summary This is a detailed security advisory describing a directory traversal vulnerability in IOServer's web server component, allowing arbitrary file access and directory listing when the 'Root Directory' lacks a trailing backslash. The advisory includes proof-of-concept steps using wget to exploit the vulnerability.
Description
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
Exploits (1)
This is a detailed security advisory describing a directory traversal vulnerability in IOServer's web server component, allowing arbitrary file access and directory listing when the 'Root Directory' lacks a trailing backslash. The advisory includes proof-of-concept steps using wget to exploit the vulnerability.