NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2001-07

From: ByteRage (byterageyahoo.com)
Date: Sun Jul 01 2001 - 11:30:35 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFFECTED SYSTEMS

ArGoSoft 1.2.2.2

DESCRIPTION

ArGoSoft also has the *.lnk upload directory traversal
vulnerability :

PUT \local.lnk remote.lnk.

IMPACT
users with write permissions can traverse directories,
by uploading a lnk file pointing to the desired file /
directory

VENDOR STATUS

I have sent this advisory to <supportargosoft.com>

=======================================================
[ByteRage] <byterageyahoo.com> [www.byterage.cjb.net]
=======================================================

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]