|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1643 CVE : CVE-2006-5028 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : GuanYu Published : 01.10.2006
Advisory Content : /*-------------------------------------- [PLESK 7.5 Reload (and lower) & PLESK 7.6 for M$ Windows path passing and disclosure] Discovered By: GuanYu Email: guanyu_vn (at) yahoo (dot) com [email concealed] Website: HVA (http://www.vnhacker.org) --------------------------------------*/ -| Description: |- PLESK is a powerful web control panel, site builder... You can see more about it at: http://www.swsoft.com/en/products/plesk/switch/ . So, i have found a security hole - path passing and disclosure - of this product (version [PLESK 7.5 Reload] and [PLESK 7.6 for M$ Windows]) in the file : filemanager.php -| What an attacker can do? |- The attacker can take advantage of this hole to access the parent folder (which he havent authorization). Like this: https://[stie]:8443/filemanager/filemanager.php?cmd=chdir&file=../ That URL will show him (attacker) the parent folder of his "web root" folder. Using more "/../" characters, he'll go to up, up, and up folder so he can gain lot of important info. -| How to fix it? |- Upgrade to the PLESK 8.0 :D. - End - P/S: Sorry about my English, its to bad.  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libopie __readrec() off-by-one
This advisory is related to new FreeBSD advisory FreeBSD-SA-10:05.opie. |
||
| Apache |  |
|
» Apache ActiveMQ 5.4.0 |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2010-04-23| Copyright © SecurityReason.com. All Rights Reserved. |