Info

Disclosure

Apr 13, 2001

Discovery

Unknown

Dates

Exploit

Apr 13, 2001

Solution

Unknown

Description

QVT/Term contains a flaw that allows a remote attacker to access arbitrary fles and directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the FTP command.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

QPC Software	QVT/Term	4.3
		5.0
		5.1

References

Related OSVDB ID: 1794
CVE ID: 2001-0680 (see also: NVD)
Bugtraq ID: 2618
ISS X-Force ID: 6375
Keyword: Directory Traversal
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0231.html
http://archives.neohapsis.com/archives/bugtraq/2001-09/0216.html
Vendor URL: http://www.qpc.com/

Credit

Strumpf Noir Society - vuln-devgreyhack.com -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

QPC Software

QVT/Term

References

Credit