Bugtraq mailing list archives
MetaProducts Offline Explorer Directory Traversal Vulnerability
From: SMedina () IDEFENSE COM (Servio Medina)
Date: Mon, 22 May 2000 17:13:03 -0400
Received word from MetaProducts regarding the recently posted vulnerability in MetaProducts Offline Explorer (Bugtraq ID 1231). According to the vendor:

[begin vendor]

The download directory is accessible via the internal Web server. It is the only accessible area. However, in versions 1.0 - 1.2 if a URL http://127.0.0.1:800/./../../ is entered, it is possible to get to a directory outside the download directory.

This problem was fixed in OE 1.3 Beta 1 version, and therefore in all later versions as well. You can no longer access any areas outside the download directory.

The best workaround, of course, would be to download our latest version. (v1.3 or greater.)

Best regards,
| Robert J. Atwell Jr.
| MetaProducts Corporation
| Robert.Atwell () metaproducts com
| www.metaproducts.com

[end vendor]

Cheers,
Servio F. Medina
---
Information Security Analyst
www.idefense.com
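The behaviour the vendor describes for 1.3 and later (nothing outside the download directory is reachable) amounts to resolving every requested path and comparing it with the download root before serving it. An added sketch of that check in Python, not MetaProducts' code; `resolve_in_root`, `demo` and the sample URLs other than the one quoted in the message are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_in_root(root, url):
    """Map a request URL to a path under root; return None if it escapes."""
    root = os.path.realpath(root)
    path = unquote(urlsplit(url).path)      # decode %2e, %5c, ... exactly once
    if "\x00" in path:
        return None
    # Treat backslashes as separators and drop leading slashes so that
    # os.path.join cannot be handed an absolute path.
    rel = path.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root, rel))
    try:
        # commonpath compares whole components, so a sibling directory such
        # as "download-old" is not mistaken for a child of "download".
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:                      # e.g. different drive on Windows
        inside = False
    return candidate if inside else None


def demo():
    """Run the check over constructed URLs; True means the request is served."""
    base = "http://127.0.0.1:800"
    urls = [
        base + "/site/index.htm",
        base + "/site/./a/../index.htm",
        base + "/./../../",                 # the URL from the vendor's message
        base + "/%2e%2e/%2e%2e/",
        base + "/..%5c..%5cx.txt",
        base + "/site/../../download-old/x.txt",
    ]
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "download")
        os.makedirs(os.path.join(root, "site"))
        return {u: resolve_in_root(root, u) is not None for u in urls}


if __name__ == "__main__":
    for url, served in demo().items():
        print("serve " if served else "reject", url)
```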