lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 20 Jan 2004 22:26:53 +0100 (MET)
From: "Oliver Karow" <Oliver.Karow@....de>
To: bugtraq@...urityfocus.com
Subject: WebTrends Reporting Center Path Disclosure vulnerability


WebTrends Reporting Center Path Disclosure vulnerability
========================================================


Problem:
========
WebTrends Reporting Center is administrated via a web interface.

It seems to be possible to disclose the physical path to the application.
This
information could be useful to a malicious user wishing to gain
illegal access to resources on the server.

Vulnerable:
===========
WebTrends Reporting Center- Enterprise Edition

Version: 6.1a
Platform: win32
Built: 7591

Exploiting:
===========
http://server:1099/viewreport.pl?profileid=dontexist
(see http://www.oliverkarow.de/research/WT.jpg )

Product Description
===================
See www.webtrends.com for more information :)

Vendor status
=============
Vendor was informed on 05/january/2004, and acknowledged the receiption of
the message....thats all :(

Author:
=======
www.oliverkarow.de

-- 
+++ GMX - die erste Adresse für Mail, Message, More +++
Bis 31.1.: TopMail + Digicam für nur 29 EUR http://www.gmx.net/topmail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ