[UNIX] Kebi Academy 2001 Web Solution Directory Traversing Vulnerability

From: support@securiteam.com
Date: 03/17/03

  • Next message: support@securiteam.com: "[UNIX] Cryptographic Weaknesses in Kerberos v4 Protocol"
    From: support@securiteam.com
    To: list@securiteam.com
    Date: 17 Mar 2003 19:06:07 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    In the US?

    Contact Beyond Security at our new California office
    housewarming rates on automated network vulnerability
    scanning. We also welcome ISPs and other resellers!

    Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
    - - - - - - - - -

      Kebi Academy 2001 Web Solution Directory Traversing Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    Kebi Webmail is a Web mail server that is part of the Korean Kebi
    Community solutions software package. Kebi Community version 1.0,
    enterprise and academy editions, allows a remote attacker to view and
    execute files that are stored outside the bounding HTML root directory
    (exploiting a directory traversal vulnerability).

    DETAILS

    The vulnerability occurs because the program does not filter out "../"
    from the homepage parameter (user provided data). The vulnerability would
    allow a remote attacker to either view the files, or execute them (for
    example files that have a PHP suffix).

    Exploit:
    http://target.com/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:xploit@hackermail.com>
    dong-h0un U.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: support@securiteam.com: "[UNIX] Cryptographic Weaknesses in Kerberos v4 Protocol"

    Relevant Pages

    • [UNIX] DSH HOME Environment Buffer Overflow
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get Thawte's New Step-by-Step SSL Guide for MSIIS ... This vulnerability will allow attackers to cause the product crash. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NT] RSA ClearTrust Cross Site Scripting Issues
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The RSA ClearTrust is a Web access ... A cross-site scripting vulnerability in the product allows an attacker to ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NEWS] Directory Traversal Vulnerability in Phpimglist
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Phpimglist creates a gallery images from a certain directory. ... There is a vulnerability in phpimglist which allows a user to traverse ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] Owl Intranet Engine Security Bypassing
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Owl is a multi user document repository ... A vulnerability in the product allows remote attackers to ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] Zeroo Webserver Remote Directory Traversal Exploit
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerability> Zeroo Folder Traversal Vulnerability, ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)