[20834] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Acme.Server v1.7 of 13nov96 Directory Browsing

daemon@ATHENA.MIT.EDU (Adnan Rahman)
Fri Jun 1 17:03:52 2001

Message-ID: <00a301c0ea11$10687a40$a77eabc1@vcgraz.ac.at>
From: "Adnan Rahman" <adnan.rahman@as19.org>
To: <bugtraq@securityfocus.com>
Date: Thu, 31 May 2001 22:34:16 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

----------------------------------------------------------------------
Date: 31.05.2001
Affected Software: Acme.Serve v1.7 of 13nov96 (http://www.acme.com)
Exploit: Browsing of directories and files allowed to unauthorized users
Keywords: Cisco Secure Administration, Netscape FastTrack, ...
Contact: AS19 Team (info@as19.org)
----------------------------------------------------------------------

Platforms: Sun + Unix

Details: Connect to http://potentialvictim:9090/// and you should have
access to the root dir of the machine running Acme.Serve 1.7.
http://potentialvictim:9090//etc/shadow and you can view the hash. You have
r00t privilegies.

Greetings, AS19 Team (http://www.as19.org)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20834] in bugtraq

Acme.Server v1.7 of 13nov96 Directory Browsing

daemon@ATHENA.MIT.EDU (Adnan Rahman)Fri Jun 1 17:03:52 2001

daemon@ATHENA.MIT.EDU (Adnan Rahman)
Fri Jun 1 17:03:52 2001