| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2571D31D42513640AE1632FEE100E0E40246F1F7@hypercom.defense.local> Date: Tue, 2 Sep 2008 15:21:49 -0500 From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert@...frontline.com> To: <vuln@...unia.com>, <full-disclosure@...ts.grok.org.uk> Subject: DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal Title ------ DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal Severity -------- Medium Date Discovered --------------- July 1, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Corey LeBleu and r@...$ Vulnerability Description ------------------------- PageR Enterprise is a centralized device / server event monitoring system. The PageR Enterprise server web interface is vulnerable to a common web directory traversal attack. Successful eploitation will result in arbitrary read-only file access outside of the PageR Enterprise web root. Solution Description -------------------- AVTECH has addressed this flaw in PageR version 5.0.7, which was available for public use on August 13, 2008. Tested Systems / Software (with versions) ------------------------------------------ Tested against PageR Enterprise/4.3.7 running on a Microsoft Windows 2000 system. Other versions of PageR Enterprise may be vulnerable. Vendor Contact -------------- Name: AVTECH Website: http://avtech.com/ Contact Information: Info@...ECH.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists