Posts Tagged ‘Android’
File Expert “path” Directory Traversal Vulnerability
Posted: 16th July 2011 by sharpe in Vulnerabilities. Tags: Android
Summary: Sarid Harper has discovered a vulnerability in File Expert for Android, which can be exploited by malicious users to gain knowledge of sensitive information. Input passed to the “path” parameter in “/webapps/file/listing” is not properly sanitised before being used to display files and directories. This can be exploited to list arbitrary directories and files [...]
File Expert File Deletion Vulnerability
Posted: 16th July 2011 by sharpe in Vulnerabilities. Tags: Android
Summary: Sarid Harper has discovered a vulnerability in File Expert for Android, which can be exploited by malicious users to delete files residing outside the FTP root. The vulnerability is caused by an error in the way FTP “DELE” requests are handled. This can be exploited to escape the FTP root and delete arbitrary files [...]