• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PostNuke Blocks Module Directory Traversal Vulnerability

PostNuke Blocks module is affected by a directory traversal vulnerability.

The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application.

An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server.