----------------------------------------------------------------------



Secunia integrated with Microsoft WSUS 
http://secunia.com/blog/71/



----------------------------------------------------------------------

TITLE:
Accellion File Transfer Appliance Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA38538

VERIFY ADVISORY:
http://secunia.com/advisories/38538/

DESCRIPTION:
A vulnerability has been reported in Accellion File Transfer
Appliance, which can be exploited by malicious people to disclose
sensitive information.

Input passed to the "lang" parameter in web_client_user_guide.html is
not properly sanitised before being used to read files. This can be
exploited to read arbitrary files from local resources via directory
traversal attacks.

NOTE: A command injection requiring administrative credentials has
also been reported.

The vulnerability is reported in version 7_0_259. Other versions may
also be affected.

SOLUTION:
Upgrade to version 8_0_105 or later.

PROVIDED AND/OR DISCOVERED BY:
Tim Brown, Portcullis Computer Security

ORIGINAL ADVISORY:
http://www.portcullis-security.com/340.php

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------