URL Live! 1.0 WebServer

From: UNYUN (shadowpenguinat_private)
Date: Thu Oct 28 1999 - 07:04:54 PDT

Next message: Francis Favorini: "IE 5.0 cross-frame vulnerabilities back again"

Previous message: kadokevat_private: "Blocking IP Options (was Re: Remote DoS in Axent's Raptor 6.0)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello

URL Live! 1.0 WebServer for Windows95/98/NT which is released by Pacific
Software Publishing, Inc. (http://www.urllive.com/) also has a "../"
security problem, any users can download any files on the victim host.

example:
http://www.xxx.yy.jp/../../../../config.sys

-----
 The Shadow Penguin Security (http://shadowpenguin.backsection.net)
 Webmaster / UNYUN (shadowpenguinat_private)

Next message: Francis Favorini: "IE 5.0 cross-frame vulnerabilities back again"
Previous message: kadokevat_private: "Blocking IP Options (was Re: Remote DoS in Axent's Raptor 6.0)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:07 PDT