[21286] in bugtraq
ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
daemon@ATHENA.MIT.EDU (ByteRage)
Mon Jul 2 05:36:30 2001
Message-ID: <20010701163035.25686.qmail@web13003.mail.yahoo.com>
Date: Sun, 1 Jul 2001 09:30:35 -0700 (PDT)
From: ByteRage <byterage@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFFECTED SYSTEMS
ArGoSoft 1.2.2.2
DESCRIPTION
ArGoSoft also has the *.lnk upload directory traversal
vulnerability :
PUT \local.lnk remote.lnk.
IMPACT
users with write permissions can traverse directories,
by uploading a lnk file pointing to the desired file /
directory
VENDOR STATUS
I have sent this advisory to <support@argosoft.com>
=======================================================
[ByteRage] <byterage@yahoo.com> [www.byterage.cjb.net]
=======================================================
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
