WQuinn DiskAdvisor 4.1 Directory Listing Disclosure Vulnerability

Any user without administrative or power user privileges is capable of reading a complete listing of all known files and their physical locations on a NT system running WQuinn DiskAdvisor 4.1 by running a report through this particular application. This also includes a read out of administrative shares. However, the exploit does not grant the user the capability to read the contents of the files.

Update (October 17, 2000): Although it was stated in the Delphis advisory that QuotaAdvisor was susceptible to this vulnerability, it is actually the product DiskAdvisor that is vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus