ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal

• Previous message: ByteRage: "Broker 5.9.5.0 Directory Traversal"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFFECTED SYSTEMS

ArGoSoft 1.2.2.2

DESCRIPTION

ArGoSoft also has the *.lnk upload directory traversal
vulnerability :

PUT \local.lnk remote.lnk.

IMPACT
users with write permissions can traverse directories,
by uploading a lnk file pointing to the desired file /
directory

VENDOR STATUS

I have sent this advisory to <supportat_private>

=======================================================
[ByteRage] <byterageat_private> [www.byterage.cjb.net]
=======================================================

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

• Next message: aliasat_private: "phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run"
• Previous message: ByteRage: "Broker 5.9.5.0 Directory Traversal"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 02:37:05 PDT