[CIRT.DK - Advisory 37] TAC Vista Webstation 3.0 Directory Traversal bug in webinterface

["CIRT.DK Advisory" <advisory () cirt dk>]

TAC Vista is based on open technologies, TAC VistaR is one of the most
advanced software solutions for building automation. 
TAC Vista efficiently and economically controls, checks and analyzes all
building operations, allowing system operators to control and monitor entire
systems on site or from remote locations. 

The Web application is running on a Microsoft IIS 5.0 Server in this case. 

The problem is occurring in the input field of where the Template is called,
resulting in the possibility to traverse into other parts of the system.

Read the full Advisory at http://www.cirt.dk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/