TITLE:
byteHoard Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA10028

VERIFY ADVISORY:
http://www.secunia.com/advisories/10028/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
byteHoard 0.x

DESCRIPTION:
A vulnerability has been reported in byteHoard allowing malicious
users to gain knowledge of sensitive information.

The problem is that the "infolder" parameter in "index.php" isn't
properly verified. This can be exploited to view arbitrary files with
the web service's privileges via directory traversal attacks using
the "../" character sequence.

The vulnerability has been reported in version 0.7. Prior versions
may also be affected.

SOLUTION:
Update to version point.seven.one (0.71):
http://sourceforge.net/project/showfiles.php?group_id=90199&release_id=191664

REPORTED BY / CREDITS:
Ezhilan, Sintelli.

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web  : http://www.secunia.com/
E-mail  : support@secunia.com
Tel  : +45 7020 5144
Fax  : +45 7020 5145

----------------------------------------------------------------------