Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln

From: Tekno pHReak (tekat_private)
Date: Sat Mar 09 2002 - 20:23:45 PST

    Pi3Web/2.0.0 File-Disclosure/Path Disclosure Vulnerability
    **********************************************************
    
    Discovered by: Teknophreak of Malloc()
    **************************************
    Date: March 9 2002
    *******************
    Contact: tekat_private
    ***************************
    
    Pi3Web is a Webserver available for multiple Microsoft Windows
    platforms.
    
    
    There are multiple disclosure flaws within the webserver that may
    assist an attacker in performing more concentrated attacks against
    the server and also can allow the disclosure of sensitive files on
    the webserver.
    
    To see the webroot directory, simply cause a 404 error:
    
    http://pi3web-host.com/fake_page
    
    
    To view files on the web server that are not supposed to be seen,
    do something like:
    
    http://pi3web-host.com/*.extension
    
    
    
    
    Quick Fix:
    -------------
    
    Don't use it or wait for vendor patch.
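
A defensive check for the two behaviours described above, as an added example that is not part of the original advisory: it flags logged requests whose URL path contains a `*` wildcard and reports absolute Windows paths found in an error-page body. The Common Log Format lines, the 404 body and the function names are constructed assumptions; the advisory shows neither the log format nor the error page.

```python
import re
from urllib.parse import unquote

# Constructed sample data. The Common Log Format layout and the wording of
# the error page are assumptions; the advisory shows neither.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Mar/2002:20:01:11 -0800] "GET /index.html HTTP/1.0" 200 1043
192.0.2.44 - - [09/Mar/2002:20:02:37 -0800] "GET /fake_page HTTP/1.0" 404 312
192.0.2.44 - - [09/Mar/2002:20:02:51 -0800] "GET /*.extension HTTP/1.0" 200 8841
192.0.2.44 - - [09/Mar/2002:20:03:05 -0800] "GET /%2a.extension?x=1 HTTP/1.0" 200 8841
192.0.2.10 - - [09/Mar/2002:20:04:00 -0800] "GET /search?q=a*b HTTP/1.0" 200 512
"""
SAMPLE_404_BODY = (
    "<html><body><h1>404 Not Found</h1>"
    "Cannot open C:\\ExampleRoot\\WebRoot\\fake_page</body></html>"
)

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
# Drive-letter path (C:\...) or UNC path (\\host\share...).
FS_PATH_RE = re.compile(r'(?:\b[A-Za-z]:\\|\\\\)[^\s<>"|?*]+')


def wildcard_requests(log_text):
    """Return (client, raw_target, status) for requests with '*' in the URL path."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        # Look only at the path, and decode it so %2a is caught as well.
        path = unquote(target.split("?", 1)[0])
        if "*" in path:
            hits.append((client, target, status))
    return hits


def leaked_paths(body):
    """Return absolute Windows paths found in a response body."""
    return FS_PATH_RE.findall(body)


if __name__ == "__main__":
    for hit in wildcard_requests(SAMPLE_LOG):
        print("wildcard in path:", hit)
    print("paths in 404 body:", leaked_paths(SAMPLE_404_BODY))
```

A wildcard request answered with a 2xx status is the case worth investigating first; a `*` that appears only in the query string is ignored.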
    


