[NT] Directory Traversal bug in QuickFront Webserver
From: support@securiteam.com
Date: 04/21/03
From: support@securiteam.com To: list@securiteam.com Date: 21 Apr 2003 19:07:24 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
In the US?
Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!
Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -
Directory Traversal bug in QuickFront Webserver
------------------------------------------------------------------------
SUMMARY
<http://www.matriks.com/> Quickfront "will help you to capture emails
that flow through your organization. QuickFront offers you to do full text
searches on all these mails and view them with your internet browser". A
directory traversal vulnerability in the product allows remote attackers
to view the content of files that reside outside the bounding HTML root
directory.
DETAILS
Vulnerable systems:
* QuickFront web server version 1.0.0.189
When an attacker sends a request to the server in the following form:
the server will return the boot.ini file.
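As an added defensive illustration (this is not part of the advisory and not QuickFront's code), the Python function below shows the check a web server must perform before mapping a URL onto a file: decode the request path, normalise it, and verify that the resolved path still lies inside the document root. The document root `htdocs`, the function names `map_request_path` and `audit_requests`, and the sample request paths are constructed for this example.

```python
import os
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed document root for the example; on a real server this would be
# the configured HTML root directory.
DOC_ROOT = os.path.abspath("htdocs")


def map_request_path(doc_root: str, request_path: str) -> Optional[str]:
    """Map a URL path onto a filesystem path confined to doc_root.

    Returns the absolute filesystem path to serve, or None when the request
    would resolve outside the document root (a directory traversal attempt)
    or is otherwise unsafe to pass to the filesystem.
    """
    # Decode percent-encoding until it is stable, so that %2e%2e and the
    # double-encoded %252e%252e both become a literal '..' before checking.
    decoded = request_path
    for _ in range(3):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once

    # Only the path component maps to a file; drop any query string.
    decoded = decoded.split("?", 1)[0]

    # Windows servers accept '\' as a separator, so normalise it to '/'
    # rather than letting '..\..\' slip past a check that only looks for '../'.
    decoded = decoded.replace("\\", "/")

    # A NUL byte can truncate the path inside a native filesystem call.
    if "\x00" in decoded:
        return None

    # A drive letter or UNC prefix would make os.path.join discard doc_root
    # on Windows (no-op on POSIX, kept for portability).
    if os.path.splitdrive(decoded)[0]:
        return None

    # Join the relative path onto the root and let abspath collapse '..'.
    root = os.path.abspath(doc_root)
    candidate = os.path.abspath(os.path.join(root, decoded.lstrip("/")))

    # The decisive check: the resolved path must still be inside the root.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def audit_requests(doc_root: str, paths: List[str]) -> List[Tuple[str, bool]]:
    """Return (request_path, served?) for each path, for log review or tests."""
    return [(p, map_request_path(doc_root, p) is not None) for p in paths]


if __name__ == "__main__":
    # Constructed sample requests: the traversal shapes a server must refuse,
    # alongside ordinary requests it must keep serving.
    samples = [
        "/index.html",
        "/docs/../index.html",
        "../../boot.ini",
        "%2e%2e/%2e%2e/boot.ini",
        "..%5c..%5cboot.ini",
        "/docs/..%252F..%252Fboot.ini",
        "/a%00.html",
    ]
    for path, served in audit_requests(DOC_ROOT, samples):
        print(f"{'serve ' if served else 'REJECT'}  {path!r}")
```

The prefix comparison happens after `os.path.abspath`, so the `..` components are collapsed before the root is compared; checking the raw string for `../` would miss the backslash and percent-encoded variants. If the document root itself contains symbolic links, use `os.path.realpath` on both sides of the comparison so the check sees the same canonical path the filesystem will open.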
Solution:
The vendor was contacted on 11/03/2003. The solution is to install the latest
version, 2002.0.02.0916.
ADDITIONAL INFORMATION
The information has been provided by Kachlik Jan <mailto:jkachlik@isgroup.com>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.