Info

Disclosure

Aug 14, 2004

Discovery

Aug 12, 2004

Dates

Exploit

Aug 14, 2004

Solution

Unknown

Description

QuiXplorer contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to QuiXplorer not properly sanitizing user input, specifically traversal style attacks (../../) supplied via unspecified variable(s).

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

QuiX project	QuiXplorer	2.3
		2.2
		2.1.1
		2.0
		1.6
		1.5
		1.4
		1.2
		1.1
		1.0

References

Security Tracker: 1010954
Secunia Advisory ID: 12298
Keyword: Directory Traversal
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0203.html
Vendor URL: http://quixplorer.sourceforge.net/
Other Advisory URL: http://www.securiteam.com/unixfocus/5FP0C1PDPA.html

Credit

Cyrille Barthelemy - cb-publicboxifrance.com - Epita SRS

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

QuiX project

QuiXplorer

References

Credit