| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040129104043.9815.qmail@www.securityfocus.com>
Date: 29 Jan 2004 10:40:43 -0000
From: ZetaLabs <zetalabs@...e-h.org>
To: bugtraq@...urityfocus.com
Subject: ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard
review) Remote arbitrary file retrieving
ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving
Published: 29 january 2004
Released: 29 january 2004
Name: PJ CGI Neo review (NeoBoard review)
Affected Systems: Current version
Issue: Remote file retrieving
Author: Zone-h Security Labs
Vendor: http://www.livepj.com
Description
***********
Zone-h Security Team has discovered a flaw in PJ CGI Neo review (NeoBoard review). There is a vulnerability in the current version of NeoBoard that allows an attacker to retrieve arbitrary files from the webserver with its priviledges.
Details
*******
It's possibile for a remote attacker to retrieve any file from a webserver.
For example try this:
http://address/directory/PJreview_Neo.cgi?p=/../../../../../../../../../../../../../../../../etc/passwd
Solution:
*********
The vendor has not been contacted because his site is unreachable.
http://www.zone-h.org/advisories/read/id=3824
Powered by blists - more mailing lists