Full Disclosure mailing list archives
DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Tue, 2 Sep 2008 15:21:49 -0500
Title ------ DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal Severity -------- Medium Date Discovered --------------- July 1, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Corey LeBleu and r@b13$ Vulnerability Description ------------------------- PageR Enterprise is a centralized device / server event monitoring system. The PageR Enterprise server web interface is vulnerable to a common web directory traversal attack. Successful eploitation will result in arbitrary read-only file access outside of the PageR Enterprise web root. Solution Description -------------------- AVTECH has addressed this flaw in PageR version 5.0.7, which was available for public use on August 13, 2008. Tested Systems / Software (with versions) ------------------------------------------ Tested against PageR Enterprise/4.3.7 running on a Microsoft Windows 2000 system. Other versions of PageR Enterprise may be vulnerable. Vendor Contact -------------- Name: AVTECH Website: http://avtech.com/ Contact Information: Info () AVTECH com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal DDI_Vulnerability_Alert (Sep 03)