[20475] in bugtraq


Vulnerability in WebXQ Server

daemon@ATHENA.MIT.EDU (joetesta@HUSHMAIL.COM)
Fri Apr 27 01:56:06 2001

Content-type: multipart/mixed;
              boundary="Hushpart_boundary_BoqSCniZStTdHLFsLGhFSiiJkNVIHOvj"
Mime-version: 1.0
Message-ID:  <200104261646.JAA15728@user7.hushmail.com>
Date:         Thu, 26 Apr 2001 12:49:38 -0800
Reply-To: joetesta@HUSHMAIL.COM
From: joetesta@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM

--Hushpart_boundary_BoqSCniZStTdHLFsLGhFSiiJkNVIHOvj
Content-type: text/plain

----- Begin Hush Signed Message from joetesta@hushmail.com -----

Vulnerability in WebXQ Server



    Overview

WebXQ v2.1.204 is a web server available from http://www.datawizard.net.
A vulnerability exists which allows a remote user to break out of the
ftp root.



    Details

The following URL demonstrates the problem:

    http://localhost/./.../[any file outside web root]



    Solution

Vendor has released v2.1.205 which fixes this problem.  It is available
at:
http://www.datawizard.net/Free_Software/WebXQ_Free/webxq_free.htm



    Vendor Status

DataWizard Technologies was contacted via <webxq@datawizard.net> on
Wednesday, April 25, 2001.  The problem was corrected the next day.



    - Joe Testa

e-mail:   joetesta@hushmail.com
web page: http://hogs.rit.edu/~joet
AIM:      LordSpankatron




This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools


--Hushpart_boundary_BoqSCniZStTdHLFsLGhFSiiJkNVIHOvj--
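
A server-side check that would refuse the `/./.../` request shown under Details, as an added example that is not part of the original advisory and not WebXQ's code. The document root `/srv/www`, the function name and the sample file names are hypothetical, and the example assumes the host file system may treat a multi-dot segment such as `...` as a parent reference.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

WEB_ROOT = PurePosixPath("/srv/www")  # hypothetical document root


def resolve_request_path(url, root=WEB_ROOT):
    """Map a request URL to a path under root, or return None to reject it."""
    # Decode percent-escapes once, so %2e%2e is inspected as "..".
    raw = unquote(urlsplit(url).path)
    # Windows file APIs accept "\" as a separator, so split on it as well.
    segments = raw.replace("\\", "/").split("/")
    kept = []
    for seg in segments:
        if seg in ("", "."):
            continue  # empty and current-directory segments change nothing
        # Reject every segment made only of dots and spaces: "..", "...",
        # "....", ".. " and so on. Filtering only the literal ".." would
        # let the advisory's "..." segment through.
        if seg.strip(". ") == "":
            return None
        # Reject NUL bytes and drive or stream specifiers such as "C:".
        if "\x00" in seg or ":" in seg:
            return None
        kept.append(seg)
    candidate = root.joinpath(*kept)
    # Defence in depth: after normalisation the result must still be the
    # root itself or something beneath it.
    norm = PurePosixPath(posixpath.normpath(str(candidate)))
    if norm != root and root not in norm.parents:
        return None
    return norm


if __name__ == "__main__":
    # Constructed sample requests; the first is the pattern from the advisory.
    for sample in ("http://localhost/./.../outside.txt",
                   "http://localhost/%2e%2e/outside.txt",
                   "http://localhost/..%5c..%5coutside.txt",
                   "http://localhost/./docs/index.html"):
        print(sample, "->", resolve_request_path(sample))
```
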
