HP SiteScope UploadFilesHandler Directory Traversal Vulnerability

HP SiteScope is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to upload arbitrary files to the server.

Exploiting this issue may allow an attacker to upload arbitrary files to the server that could aid in further attacks.


Privacy Statement
Copyright 2010, SecurityFocus