Free Peers BearShare Directory Traversal Vulnerability
Free Peers Inc. BearShare is a Windows-based file-sharing utility.
Under certain configurations and platforms, versions of BearShare are prone to directory-traversal attacks.
Although the product's website feature does filter '/../' sequences (which are commonly effective in traversal attacks), an attacker could construct a path expression that will bypass the product's input validation.
As a result, BearShare's website feature, if enabled, can permit a remote attacker to traverse the webserver's directory structure and request files from outside the web root.
Note that this vulnerability does not appear to affect Windows 2000 installations of BearShare.