Enceladus Server Suite traversal directory vulnerability

From: luca.ercoliat_private
Date: Sun Dec 08 2002 - 11:15:51 PST

Next message: Peter Kruse: "Denial of Service vulnerability in VisNetic Website"

Previous message: Martin Schulze: "[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Summary: Enceladus Server Suite is an internet/intranet lightweight web
and ftp server for windows.

Details: The web server has been found to contain a security flaw that
allows attackers to travers up the root directory and view/download
files on the system.

Vulnerable System: Enceladus Server Suite version 2.6.1

Example: http://host/../


From Luca Ercoli luca.ercoliat_private

Next message: Peter Kruse: "Denial of Service vulnerability in VisNetic Website"
Previous message: Martin Schulze: "[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 16:25:02 PST