Hosting Controller Directory Traversal Vulnerability

A vulnerability exists in Hosting Controller which may allow a remote attacker to display arbitrary directories and files.

Reportedly, Hosting Controller is prone to directory traversal attacks. By appending 'filepath=driveletter:\' to a web request, it is possible for an attacker to break out of root and browse the filesystem of the host.


Privacy Statement
Copyright 2010, SecurityFocus