|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] byteHoard "files.inc.php" Directory Traversal Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Oct 29 2003 - 03:53:41 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
byteHoard "files.inc.php" Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA10082
VERIFY ADVISORY:
http://www.secunia.com/advisories/10082/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
byteHoard 0.x
DESCRIPTION:
A vulnerability has been reported in byteHoard allowing malicious
people to conduct directory traversals.
The problem is that "files.inc.php" allows malicious people to browse
arbitrary directories.
SOLUTION:
This appears to be fixed in version 0.8.2 (point.eight.two):
http://sourceforge.net/project/showfiles.php?group_id=90199&release_id=193926
Protect byteHoard with .htaccess or similar to ensure that only
trused users can access the application.
REPORTED BY / CREDITS:
Chris Sharp
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]