ScreamingMedia SiteWare File Disclosure Vulnerability

Due to a flaw in SiteWare Editor's Desk, it is possible for a user to gain read access of known files residing on a SiteWare host. This is accomplished by crafting a URL containing double dot '../' sequences along with the relative path to a known file.


 

Privacy Statement
Copyright 2010, SecurityFocus