Bugtraq mailing list archives

URL Live! 1.0 WebServer

From: shadowpenguin () BACKSECTION NET (UNYUN)
Date: Thu, 28 Oct 1999 23:04:54 +0900


Hello

URL Live! 1.0 WebServer for Windows95/98/NT which is released by Pacific
Software Publishing, Inc. (http://www.urllive.com/) also has a "../"
security problem, any users can download any files on the victim host.

example:
http://www.xxx.yy.jp/../../../../config.sys

-----
 The Shadow Penguin Security (http://shadowpenguin.backsection.net)
 Webmaster / UNYUN (shadowpenguin () backsection net)

Current thread:

Re: Fix for ssh-1.2.27 symlink/bind problem, (continued)
- - - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 25)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 25)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 27)
    - ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability Luciano Martins (Jul 29)
    - Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer Luciano Martins (Jul 29)
    - AW: Mac OS 9 Idle Lock Bug Flothow, Sebastian (Oct 29)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 29)
    - DoS attack for ircd's by oversized PTR record Goblin (Oct 29)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Eivind Eklund (Oct 29)
    - URL Live! 1.0 WebServer UNYUN (Oct 28)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 26)
    - Falcon Web Server Advisory (Oct 26)