lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAA5jaRvb1n9rZboATMQyJiq8Dk0sKCst7NMAZ_Z4iY7p9G-5eQ@mail.gmail.com> Date: Thu, 27 Nov 2014 11:02:34 +1300 From: DS MailingList <ds.mailinglist.x@...il.com> To: fulldisclosure@...lists.org Subject: [FD] FileVista < v6.0.8.0 Insecure zip file handling Hi list, FileVista is an IIS package which installs a file server onto Windows Server systems. More information can be obtained from their website at http://www.gleamtech.com/filevista. CVE-2014-8788: The zip file handling routines in FileVista leaks internal paths when users attempt to write a zip file to a path in which the FileVista user account does not have Write access to. The internal path is the path at which FileVista is installed onto ("c:\\inetpub\\wwwroot\\FileVista" by default). CVE-2014-8789: The zip file extraction routine does not validate the stated path of the extracted files. Malicious users may modify the contents of the zip file to cause the constituent files to be extracted above the normal zip file root path. In certain misconfigurations, this could cause the user to write aspx files to the "wwwroot/FileVista" directory and execute arbitrary code. GleamTech has released a new version of the FileVista software (v6.1) which addresses the above issues. /DS _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists