MetaProducts Offline Explorer File System Disclosure Vulnerability

MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.

It is possible to view the full contents of the directory structure of a system Offline Explorer resides on. By default, Offline Explorer listens on port 800. A remote user may retrieve a directory listing and browse its contents without any authorization whatsoever by issuing a GET request followed by a corresponding physical or logical drive letter.


will reveal a directory listing for drive C.


Privacy Statement
Copyright 2010, SecurityFocus