Re: CommuniGate Pro directory listings

From: tfmat_private
Date: Wed Jul 03 2002 - 02:28:06 PDT

Next message: 3APA3A: "NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))"

Previous message: 3APA3A: "NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))"
In reply to: c0rrect0rat_private: "CommuniGate Pro directory listings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, it's not working on 3.5.9 (not a beta release) :
Verified on Linux and Solaris.

TfM

----- Original Message -----
From: <c0rrect0rat_private>
To: <bugtraqat_private>
Sent: Tuesday, July 02, 2002 7:56 AM
Subject: CommuniGate Pro directory listings


> Problem:
> An anonymous user can see the listing of the current and parent directory
of CommuniGatePro WebUser directory.
> Vulnerable:
> All current versions of CommuniGatePro <= 4.0b4
> Details:
> You can get the listing of directory by accessing the CommuiGatePro
webmail for example http://host.com/. or http://host.com/..

text/plain attachment: cgp_dir.txt

Next message: 3APA3A: "NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))"
Previous message: 3APA3A: "NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))"
In reply to: c0rrect0rat_private: "CommuniGate Pro directory listings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 03 2002 - 09:37:30 PDT