Internet Software Solutions Air Messenger LAN Server 3.4.2 - Full Path Disclosure
| EKU-ID: 26463 | CVE: CVE-2001-0788;OSVDB-13973 | OSVDB-ID: |
| Author: SNS Research | Published: 2001-06-18 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26463 | CVE: CVE-2001-0788;OSVDB-13973 | OSVDB-ID: |
| Author: SNS Research | Published: 2001-06-18 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/2881/info Air Messenger LAN Server for Microsoft Windows allows users to exchange phone, pager and email messages through a Web gateway. The path to sensitive files used by AMLServer can be easily obtained by any remote user, simply by examining the webserver's http-header 'Location' field. $ telnet target 80|grep Location Location: http://C:\PROGRA~1\ISS\AIRMES~1\Messages Connection closed by foreign host.