OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: joetestaHUSHMAIL.COM
Date: Thu Apr 26 2001 - 15:49:38 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----- Begin Hush Signed Message from joetestahushmail.com -----

    Vulnerability in WebXQ Server

        Overview

    WebXQ v2.1.204 is a web server available from http://www.datawizard.net.
    A vulnerability exists which allows a remote user to break out of the
    ftp root.

        Details

    The following URL demonstrates the problem:

        http://localhost/./.../[any file outside web root]

        Solution

    Vendor has released v2.1.205 which fixes this problem. It is available
    at:
    http://www.datawizard.net/Free_Software/WebXQ_Free/webxq_free.htm

        Vendor Status

    DataWizard Technologies was contacted via <webxqdatawizard.net> on
    Wednesday, April 25, 2001. The problem was corrected the next day.

        - Joe Testa

    e-mail: joetestahushmail.com
    web page: http://hogs.rit.edu/~joet
    AIM: LordSpankatron

    ----- Begin Hush Signature v1.3 -----
    HfcK0KsDvkUZwYMIi9UofHt3sjf4TsjPUmeaGtAeaea7iJPJTLV0yAeeMMSquPGVfEId
    6JrmzzK+4ZLl4zEpD0L3DK28ay68HLfy7SuwbV6wKcESfdhdd3Ox8qZoXfEH/zKdylby
    ONnHoMHHXmLjpJKmG+LFBKKx9LfhTlgGwXdVzwDVajCnO4IQ4tx0Sv3/ddHct3kQ97V7
    HMWFiX1juEsUov/aYg0+d/u4y7DQWZyx1ImFIy2qY3c6l1sMRJF5zNkWuyb3LJTyCfck
    30x4uCGfmq/7/mEXKgnbIKAZfVlYN+OZMMo5EszIRrR1YiJwK0tujwG86+8HyNOqG2aE
    UyosFcdHEKN0XNifMT7Lh4E/plQ8UEku6Q7nQ4BRPZmzQJfrkW1Gned9ZH+uKsmBJSyg
    yd/jPyhfJCQfL9dQvpwpv5W+AB1rQQFuQbDvq9IAwAFmEAZ110Yg0GF5IA1q18JfLjna
    RYwGMiEvC7E7kUA4NDKVyitcmPYHwqZlSSnqj1Je87aA
    ----- End Hush Signature v1.3 -----

    This message has been signed with a Hush Digital Signature.
    To verify the signature, please go to www.hush.com/tools

    Free, encrypted, secure Web-based email at www.hushmail.com