lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00d001c5184d$63772bf0$0100a8c0@server>
From: corryl at sitoverde.com (CorryL)
Subject: SD Server 4.0.70 Directory Traversal Bug

..:x0n3-h4ck Italian Security Team:..

/*Advisories*\

*/

Application: SD Server

Url Vendor: http://www.gdsoftware.dk/

Version: <= 4.0.70

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

Email Author: corryl80@...il.com

Url Author: www.x0n3-h4ck.org

*\

{Description}

The SD Server is a easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.


{Bug}

http://victimhost/../../../windows/repair/sam

A remote user succeeds to read the file sam of the system where to be in
execution SD Server.

{Vendor Status}

20/02/2005 Vendor notification

20/02/2005 Vendor response

21/02/2005 Vendor Fix the Bug

{Fix}

In version 4.0.0.72

http://www.gdsoftware.dk/dl_file.asp?link=SDServer 4.0.0.72.zip

CorryL
corryl80@...il.com
www.x0n3-h4ck.org
Italian Security Team

_________________________________
www.seekstat.it is your web stat

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ