----- Begin Hush Signed Message from joetestaat_private ----- Vulnerability in WebXQ Server Overview WebXQ v2.1.204 is a web server available from http://www.datawizard.net. A vulnerability exists which allows a remote user to break out of the ftp root. Details The following URL demonstrates the problem: http://localhost/./.../[any file outside web root] Solution Vendor has released v2.1.205 which fixes this problem. It is available at: http://www.datawizard.net/Free_Software/WebXQ_Free/webxq_free.htm Vendor Status DataWizard Technologies was contacted via <webxqat_private> on Wednesday, April 25, 2001. The problem was corrected the next day. - Joe Testa e-mail: joetestaat_private web page: http://hogs.rit.edu/~joet AIM: LordSpankatron ----- Begin Hush Signature v1.3 ----- HfcK0KsDvkUZwYMIi9UofHt3sjf4TsjPUmeaGtAeaea7iJPJTLV0yAeeMMSquPGVfEId 6JrmzzK+4ZLl4zEpD0L3DK28ay68HLfy7SuwbV6wKcESfdhdd3Ox8qZoXfEH/zKdylby ONnHoMHHXmLjpJKmG+LFBKKx9LfhTlgGwXdVzwDVajCnO4IQ4tx0Sv3/ddHct3kQ97V7 HMWFiX1juEsUov/aYg0+d/u4y7DQWZyx1ImFIy2qY3c6l1sMRJF5zNkWuyb3LJTyCfck 30x4uCGfmq/7/mEXKgnbIKAZfVlYN+OZMMo5EszIRrR1YiJwK0tujwG86+8HyNOqG2aE UyosFcdHEKN0XNifMT7Lh4E/plQ8UEku6Q7nQ4BRPZmzQJfrkW1Gned9ZH+uKsmBJSyg yd/jPyhfJCQfL9dQvpwpv5W+AB1rQQFuQbDvq9IAwAFmEAZ110Yg0GF5IA1q18JfLjna RYwGMiEvC7E7kUA4NDKVyitcmPYHwqZlSSnqj1Je87aA ----- End Hush Signature v1.3 ----- This message has been signed with a Hush Digital Signature. To verify the signature, please go to www.hush.com/tools Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 22:59:01 PDT