Bugtraq mailing list archives

Re: CommuniGate Pro directory listings

From: <tfm () tfm org>
Date: Wed, 3 Jul 2002 11:28:06 +0200

Hi, it's not working on 3.5.9 (not a beta release) :
Verified on Linux and Solaris.

TfM

----- Original Message -----
From: <c0rrect0r () hushmail com>
To: <bugtraq () securityfocus com>
Sent: Tuesday, July 02, 2002 7:56 AM
Subject: CommuniGate Pro directory listings

Problem:
An anonymous user can see the listing of the current and parent directory

of CommuniGatePro WebUser directory.

Vulnerable:
All current versions of CommuniGatePro <= 4.0b4
Details:
You can get the listing of directory by accessing the CommuiGatePro

webmail for example http://host.com/. or http://host.com/..

Attachment: cgp_dir.txt
Description:

Current thread:

CommuniGate Pro directory listings c0rrect0r (Jul 02)
- Re: CommuniGate Pro directory listings tfm (Jul 03)