Message-ID: <000f01c51798$c397cae0$0201a8c0@CIRT>
From: advisory at cirt.dk (CIRT Advisory)
Subject: The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
> The WebConnect 6.4.4 and 6.5 contain several vulnerabilities such as:
> - Denial of Service when requesting a DOS Device in Path Name
> - Reading of files outside webroot (Directory traversal)
>
> Requesting "DOS Device in Path Name" Denial of Service
> When requesting a DOS device in the URL the server will stop responding
> to any further requests before a manual restart of service has been made.
> This attack can be performed on both the client website and the
> administration interface.
>
> Vulnerable versions:
> - WebConnect 6.4.4 (Possible previous versions)
> - WebConnect 6.5
>
> CERT response:
> - VU#552561 CAN-2004-0466
>
>
> Reading of files outside webroot (Directory traversal)
> When sending a specially crafted request to the server it is possible to
> read files outside the webroot. Since the service by default runs with
> system rights, this could give access to the entire partition that
> WebConnect is installed on.
>
> Vulnerable versions:
> - WebConnect 6.4.4 (Possible previous versions)
>
> CERT response:
> - VU#628411 CAN-2004-0465
>
> Read the full advisory for both the vulnerabilities at:
> http://www.cirt.dk/
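
A server-side check covering both classes of bug named in the advisory above (DOS device names in the path, and traversal outside the webroot), as an added example that is not part of the original post and not WebConnect or CIRT code. The function names, the strict reject-on-`..` policy and the sample paths are assumptions made for illustration; the advisory does not describe the request format.

```python
import re
from urllib.parse import unquote

# Windows reserved device names. They stay reserved with an extension
# ("nul.txt") or trailing dots/spaces ("CON ."), in any letter case.
_DOS_DEVICE = re.compile(r"^(CON|PRN|AUX|NUL|COM[0-9]|LPT[0-9])$", re.IGNORECASE)

def is_dos_device(segment):
    """True if a single path segment resolves to a DOS device name."""
    base = segment.split(".", 1)[0].rstrip(" ")
    return bool(_DOS_DEVICE.match(base))

def check_request_path(raw_path):
    """Return the path relative to the webroot, or raise ValueError."""
    path = raw_path.split("?", 1)[0]
    # Decode until stable so nested percent-encoding cannot hide "..", "/" or "\".
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many layers of percent-encoding")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    segments = [s for s in path.replace("\\", "/").split("/") if s not in ("", ".")]
    for seg in segments:
        # Windows strips trailing dots and spaces, so "..", "..." and ".. " all count.
        if not seg.rstrip(". "):
            raise ValueError("dot-only segment (parent-directory reference)")
        if ":" in seg:
            raise ValueError("drive letter or stream separator")
        if is_dos_device(seg):
            raise ValueError("DOS device name: " + seg)
    return "/".join(segments)

def is_allowed(raw_path):
    """Boolean wrapper around check_request_path()."""
    try:
        check_request_path(raw_path)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample request paths, not taken from the advisory.
    for p in ["/docs/index.html", "/docs/../../x", "/a/%2e%2e/b",
              "/scripts/nul.txt", "/console/help.html"]:
        print(p, "->", "allow" if is_allowed(p) else "reject")
```

The returned relative path should still be joined to the webroot and the resolved result confirmed to lie under it before the file is opened.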