Dryzsyn
Dryzsyn
/ gist:c9fde05b923603367c71c471512cfb02
Last active
January 30, 2026 18:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---------------------- | |
| Affected Software: EnvisionWare - PC Reservation Management Console (Application Server) - version 4.6.0.27090 (latest release) | |
| Issue: Directory Traversal | |
| CVE ID: Requested | |
| Not Affected: OneStop | |
| ---------------------- | |
| Description: An issue in EnvisionWare's PC Reservation - Management Console application server allows remote, unauthenticated attackers on the same network to perform a directory traversal. This could allow access to sensitive data on the underlying host, facilitating targeted attacks to compromise the PC Reservation server. | |
| The vulnerable service "ILS Service" is an http-based service that listens on port 32901. It is used for communication between the PC Reservation server and the ILS server to validate patron accounts for use with the PC Reservation system. | |
| Remediation: None | |
| PoC: The following URL encoded attack can be entered into the web browser on the PC Reservation server to access a sensitive configuration file. This was also tested from other hosts on the same V |