lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Feb 2005 23:10:54 +0100 From: "CIRT Advisory" <advisory@...t.dk> To: <bugtraq@...urityfocus.com> Subject: The WebConnect 6.4.4 and 6.5 contains several vulnerabilities The WebConnect 6.4.4 and 6.5 contains several vulnerabilities such as: - Denial of Service when requesting an DOS Device in Path Name - Reading of files outside webroot (Directory traversal) Requesting "DOS Device in Path Name" Denial of Service When requesting a DOS device in the URL the server will stop responding to any further requests before a manual restart of service has been made. This attack can be preformed on both the client website and the administration interface. Vulnerable versions: - WebConnect 6.4.4 (Possible previous versions) - WebConnect 6.5 CERT response: - VU#552561 CAN-2004-0466 Reading of files outside webroot (Directory traversal) When sending a specially crafted request to the server it is possible to read files outside the webroot. Since the service as default runs with system rights, this could give access to the entire partition that WebConnect are installed on. Vulnerable versions: - WebConnect 6.4.4 (Possible previous versions) CERT response: - VU#628411 CAN-2004-0465 Read the full advisory for both the vulnerabilities at: http://www.cirt.dk/
Powered by blists - more mailing lists