Bytehoard prior to version 0.7 contains a remote directory traversal vulnerability which allows file access. Fix available here.
760815350b650ce7eb514ab12b531b4c537b4bedcea9a916151c97bbdecab0de
TITLE:
byteHoard Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA10028
VERIFY ADVISORY:
http://www.secunia.com/advisories/10028/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
byteHoard 0.x
DESCRIPTION:
A vulnerability has been reported in byteHoard allowing malicious
users to gain knowledge of sensitive information.
The problem is that the "infolder" parameter in "index.php" isn't
properly verified. This can be exploited to view arbitrary files with
the web service's privileges via directory traversal attacks using
the "../" character sequence.
The vulnerability has been reported in version 0.7. Prior versions
may also be affected.
SOLUTION:
Update to version point.seven.one (0.71):
http://sourceforge.net/project/showfiles.php?group_id=90199&release_id=191664
REPORTED BY / CREDITS:
Ezhilan, Sintelli.
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------