Roundup 0.5/0.6 - Remote File Disclosure
| EKU-ID: 29594 | CVE: CVE-2004-1444;OSVDB-6691 | OSVDB-ID: |
| Author: Vickenty Fesunov | Published: 2004-06-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29594 | CVE: CVE-2004-1444;OSVDB-6691 | OSVDB-ID: |
| Author: Vickenty Fesunov | Published: 2004-06-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/10495/info Roundup is prone to a remote file disclosure vulnerability. A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences. This vulnerability affects Roundup 0.6.11 and prior versions. GET /cit/@@file/../../../../etc/passwd HTTP/1.0