ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AFFECTED SYSTEMS ArGoSoft 1.2.2.2 DESCRIPTION ArGoSoft also has the *.lnk upload directory traversal vulnerability : PUT \local.lnk remote.lnk. IMPACT users with write permissions can traverse directories, by uploading a lnk file pointing to the desired file / directory VENDOR STATUS I have sent this advisory to <supportat_private> ======================================================= [ByteRage] <byterageat_private> [www.byterage.cjb.net] ======================================================= __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 02:37:05 PDT