{"vuid":"VU#504019","idnumber":"504019","name":"AjaXplorer contains multiple vulnerabilities","keywords":["AjaXplorer","directory traversal","cookie"],"overview":"AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme.","clean_desc":"AjaXplorer contains a directory traversal vulnerability in the \"Get Template\" feature. The URL variables template_name and pluginName can be used to exploit this vulnerability.","impact":"A remote unauthenticated attacker may be able to read any file on the server that the web service can access. If an attacker can steal a user's cookie or access the password file, they can use the password hash to log in as that user without knowing the password.","resolution":"Apply an Update\nAjaXplorer 4.0.4 has been released to address these vulnerabilities.","workarounds":"","sysaffected":"","thanks":"Thanks to StenoPlasma for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://ajaxplorer.info/ajaxplorer-4-0-4/","http://www.exploitdevelopment.com/vulnerabilities/2012-WEB-001.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-02-27T15:58:48Z","publicdate":"2012-03-02T00:00:00Z","datefirstpublished":"2012-03-08T16:48:09Z","dateupdated":"2012-03-28T12:31:43Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"1","cam_exploitation":"1","cam_internetinfrastructure":"1","cam_population":"7","cam_impact":"7","cam_easeofexploitation":"8","cam_attackeraccessrequired":"8","cam_scorecurrent":"0.1764","cam_scorecurrentwidelyknown":"1.2936","cam_scorecurrentwidelyknownexploited":"2.4108","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"3.8","cvss_basevector":"AV:N/AC:--/Au:S/C:C/I:P/A:N","cvss_temporalscore":"3","cvss_environmentalscore":"3","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.1764,"vulnote":null}