From: joetestaHUSHMAIL.COM
Date: Mon Feb 05 2001 - 14:44:59 CST

    Vulnerability in Picserver

        Overview

    Picserver is a specialized webserver available from http://www.informs.com
    and http://www.zdnet.com. A vulnerability exists which allows a remote
    user to break out of the web root using relative paths (i.e., '..', '...').

        Details

            http://localhost:7000/../[file outside web root]
            http://localhost:7000/.../[file outside web root]

        Solution

    No quick fix is possible.

        Vendor Status

    Information Management Specialists, Inc. was contacted via
    <pcprodsinforms.com> and <servicesinforms.com> on Monday, January 29,
    2001. No reply was received.

            - Joe Testa ( e-mail: joetestahushmail.com / AIM: LordSpankatron )
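
A server-side check that closes this class of bug, as an added example (not code from the advisory or from Picserver). The web root, function names and sample requests are assumptions made for illustration; the check goes beyond the two URL forms above by also covering percent-encoded and backslash variants.

```python
from pathlib import Path
from urllib.parse import unquote

WEB_ROOT = Path("/srv/www")  # assumed web root, not taken from Picserver


class TraversalError(ValueError):
    """The request path does not stay inside the web root."""


def resolve_request_path(url_path: str, root: Path = WEB_ROOT) -> Path:
    """Return the file under `root` named by `url_path`, or raise TraversalError."""
    # Drop the query string, then percent-decode exactly once.
    decoded = unquote(url_path.split("?", 1)[0])
    # A '%' left after decoding means double encoding; a NUL would truncate
    # the name in a C API. Refusing both is conservative (a file whose name
    # contains a literal '%' becomes unreachable).
    if "%" in decoded or "\x00" in decoded:
        raise TraversalError(f"suspicious encoding: {url_path!r}")
    # Treat '\' as a separator so '..\..' cannot slip through on Windows.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s]
    for seg in segments:
        # Rejects '.', '..' and '...' (the two forms in the advisory) and any
        # longer run of dots or dots mixed with spaces; ':' blocks drive
        # letters and alternate data streams.
        if not seg.strip(". ") or ":" in seg:
            raise TraversalError(f"forbidden segment {seg!r} in {url_path!r}")
    # Defence in depth: canonicalise (follows symlinks) and confirm containment.
    root_real = root.resolve()
    candidate = root_real.joinpath(*segments).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        raise TraversalError(f"escapes web root: {url_path!r}")
    return candidate


def audit(paths):
    """Map each request path to 'served' or 'rejected'."""
    results = {}
    for p in paths:
        try:
            resolve_request_path(p)
            results[p] = "served"
        except TraversalError:
            results[p] = "rejected"
    return results


# Constructed sample requests, modelled on the advisory's two URL forms.
SAMPLES = ["/pics/cat.jpg", "/../secret.txt", "/.../secret.txt",
           "/%2e%2e/secret.txt", "/..\\..\\secret.txt", "/%252e%252e/x"]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:8} {path}")
```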
