lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e0gmk5$a27$1@sea.gmane.org>
Date: Thu Mar 30 14:32:14 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: ExplorerXP : Directory Traversal and Cross
	SiteScripting

Jerome Athias wrote:
> ExplorerXP : Directory Traversal and Cross Site Scripting
>
> Software : ExplorerXP

  Some mention of the manufacturer or a link to the mfr's website would have 
helped here.

> Two vulnerabilities have been discovered in ExploreXP, which can be
> exploited by malicious people to conduct directory traversal and Cross
> Site Scripting attacks.
>
> Directory Traversal : http://[target]/dir.php?chemin=../../../
>
> Cross Site Scripting : http://[target]/dir.php?chemin=../<b>Silitix

  The only "ExplorerXP" I can find by googling is a file system viewer / 
file manager.  It doesn't say anything about having a webserver in it. 
Which one are you talking about?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ