From: corryl at sitoverde.com (CorryL)
Subject: SD Server 4.0.70 Directory Traversal Bug

..:x0n3-h4ck Italian Security Team:..

/*Advisories*\

*/
Application: SD Server
Url Vendor: http://www.gdsoftware.dk/
Version: <= 4.0.70
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
Email Author: corryl80@...il.com
Url Author: www.x0n3-h4ck.org
*\

{Description}
SD Server is an easy HTTP server. A remote user can obtain files on the
system that are located outside of the web document directory.

{Bug}
http://victimhost/../../../windows/repair/sam

A remote user succeeds in reading the SAM file of the system on which
SD Server is running.

{Vendor Status}
20/02/2005 Vendor notification
20/02/2005 Vendor response
21/02/2005 Vendor fixed the bug

{Fix}
In version 4.0.0.72
http://www.gdsoftware.dk/dl_file.asp?link=SDServer 4.0.0.72.zip

CorryL
corryl80@...il.com
www.x0n3-h4ck.org
Italian Security Team
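
Added example, not part of the original advisory and not SD Server's code: one way an HTTP server can confine request paths to its document directory, so that a request of the form shown under {Bug} is rejected. The advisory does not say how the vendor fixed the issue; the function names and sample paths below are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """The request path would leave the document root."""


def resolve_request_path(docroot, raw_path):
    """Map a raw URL path to a file under docroot, or raise TraversalError."""
    # Drop the query string, then decode %xx escapes once before any check.
    path = unquote(raw_path.split("?", 1)[0])
    # On Windows "\" is also a path separator, so treat it exactly like "/".
    path = path.replace("\\", "/")
    if "\x00" in path or ":" in path:
        raise TraversalError("NUL byte or drive/stream separator in path")
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." in segments:
        raise TraversalError("parent-directory segment in path")
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Containment check on the resolved path; this also catches symlinks.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("resolved path is outside the document root")
    return candidate


def is_allowed(docroot, raw_path):
    """True if raw_path resolves to a location inside docroot."""
    try:
        resolve_request_path(docroot, raw_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed inputs; the first is the request form shown in the advisory.
    with tempfile.TemporaryDirectory() as root:
        for p in ("/../../../windows/repair/sam", "/index.html", "/docs/./a.txt"):
            print(("serve " if is_allowed(root, p) else "reject"), p)
```

The check runs on the decoded, separator-normalised path and again on the resolved filesystem path, so a request is refused whichever stage reveals that it leaves the document directory.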