| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 19 Apr 2011 21:30:16 -0000 From: by_argos@...mail.com To: bugtraq@...urityfocus.com Subject: Directory Traversal Vulnerability in Viola DVR VIO-4/1000 ============================================================== Viola DVR VIO-4/1000 - Directory Traversal Vulnerability ============================================================== Software: Viola DVR VIO-4/1000 (other products may be affected) Vendor: http://www.videcon.co.uk/ Vuln Type: Directory Traversal Remote: Yes Local: No Discovered by: QSecure and Demetris Papapetrou Website: http://www.qsecure.com.cy Discovered: 04/04/2011 Reported: 12/04/2011 Disclosed: 19/04/2011 Vendor's Response: None Vulnerability Reference: http://www.qsecure.com.cy/advisories/dir_traversal_in_viola_dvr.html VULNERABILITY DESCRIPTION: ========================== The scripts "/cgi-bin/wappwd" and "/cgi-bin/wapopen" are prone to a directory-traversal vulnerability because they fail to properly sanitize user-supplied input in the "FILEFAIL" and "FILECAMERA" parameters respectively. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks. Authentication is not required to exploit the vulnerability. PoC Exploit: ============ /cgi-bin/wappwd?FILEFAIL=../../../etc/passwd /cgi-bin/wapopen?FILECAMERA=../../../etc/passwd
Powered by blists - more mailing lists