11 lines
No EOL
540 B
Text
11 lines
No EOL
540 B
Text
source: https://www.securityfocus.com/bid/1278/info
|
|
|
|
A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string.
|
|
|
|
In addition, requesting a URL appended with "../" and an unusually long character string will return an error message disclosing the full path of the Mailtraq installation directory.
|
|
|
|
Directory traversal vulnerability:
|
|
http: //target/../../knowndirectory/
|
|
|
|
Path disclosure vulnerability:
|
|
http: //target/../<very long character string> |