• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FTGate Directory Traversal Vulnerability

Certain versions of the FTGate Advanced Mail Server have a vulnerability in their web based administration interface. The vulnerability is that the webserver allows users to traverse the directory structure outside of the Webroot directory.

Therefore malicious users may read files outside of their permitted areas, including but not limited to private email and password files.