Latest posts for the topic "PLESK Filemanager.PHP Directory Traversal Vulnerability"

PLESK Filemanager.PHP Directory Traversal Vulnerability
/hvaonline/posts/list/4318.html#25536

Vulnerable version: Plesk Plesk Reload 7.5, Plesk Plesk for Windows 7.6

Description: PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks. Versions 7.5 Reload and prior, and 7.6 for Windows are vulnerable to this issue; other versions may also be affected.

Exploit: Attackers may exploit this vulnerability via a web client. An example URI has been provided: https://www.example.com:8443/filemanager/filemanager.php?cmd=chdir&file=../

Solution: Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com. Reportedly, the vendor has released fixes to address this issue. Symantec has not confirmed this.

Source: SecurityFocus (http://www.securityfocus.com/bid/20155) :wink: :wink:

Re: PLESK Filemanager.PHP Directory Traversal Vulnerability
/hvaonline/posts/list/4318.html#25560

Credit: GuanYu is credited with the discovery of this vulnerability. :))