WebReflex Directory Traversal Vulnerability

From: luca.ercoliat_private
Date: Fri Dec 06 2002 - 05:44:55 PST

Next message: Steve W. Manzuik: "[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #433 - 4 msgs"

Previous message: Martin Schulze: "[SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Summary: WebReflex is a web server that is specially designed for use 
on cd-rom.

Details: Remote attackers can view any file on the server simply 
sending a specially crafted request to it. Exploit: http://target/../ 
tested on version 1.53

From: Luca Ercoli luca.ercoliat_private

Next message: Steve W. Manzuik: "[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #433 - 4 msgs"
Previous message: Martin Schulze: "[SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 07:41:36 PST