CVE-2014-3806
VMTurbo Operations Manager < 4.6 - Unauthenticated Directory Traversal via xml_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-3806. PoCs published by Jamal Pecou.
AI-analyzed exploit summary The advisory describes a directory traversal vulnerability in VM Turbo Operations Manager's '/cgi-bin/help/doIt.cgi' endpoint, allowing unauthorized file access via the 'xml_path' parameter. The example demonstrates reading '/etc/passwd' without authentication.
Description
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
Exploits (1)
The advisory describes a directory traversal vulnerability in VM Turbo Operations Manager's '/cgi-bin/help/doIt.cgi' endpoint, allowing unauthorized file access via the 'xml_path' parameter. The example demonstrates reading '/etc/passwd' without authentication.