----- Begin Hush Signed Message from [EMAIL PROTECTED] -----
Vulnerability in WebXQ Server
Overview
WebXQ v2.1.204 is a web server available from http://www.datawizard.net.
A vulnerability exists which allows a remote user to break out of the
ftp root.
Details
The following URL demonstrates the problem:
http://localhost/./.../[any file outside web root]
Solution
Vendor has released v2.1.205 which fixes this problem. It is available
at:
http://www.datawizard.net/Free_Software/WebXQ_Free/webxq_free.htm
Vendor Status
DataWizard Technologies was contacted via <[EMAIL PROTECTED]> on
Wednesday, April 25, 2001. The problem was corrected the next day.
- Joe Testa
e-mail: [EMAIL PROTECTED]
web page: http://hogs.rit.edu/~joet
AIM: LordSpankatron
----- Begin Hush Signature v1.3 -----
HfcK0KsDvkUZwYMIi9UofHt3sjf4TsjPUmeaGtAeaea7iJPJTLV0yAeeMMSquPGVfEId
6JrmzzK+4ZLl4zEpD0L3DK28ay68HLfy7SuwbV6wKcESfdhdd3Ox8qZoXfEH/zKdylby
ONnHoMHHXmLjpJKmG+LFBKKx9LfhTlgGwXdVzwDVajCnO4IQ4tx0Sv3/ddHct3kQ97V7
HMWFiX1juEsUov/aYg0+d/u4y7DQWZyx1ImFIy2qY3c6l1sMRJF5zNkWuyb3LJTyCfck
30x4uCGfmq/7/mEXKgnbIKAZfVlYN+OZMMo5EszIRrR1YiJwK0tujwG86+8HyNOqG2aE
UyosFcdHEKN0XNifMT7Lh4E/plQ8UEku6Q7nQ4BRPZmzQJfrkW1Gned9ZH+uKsmBJSyg
yd/jPyhfJCQfL9dQvpwpv5W+AB1rQQFuQbDvq9IAwAFmEAZ110Yg0GF5IA1q18JfLjna
RYwGMiEvC7E7kUA4NDKVyitcmPYHwqZlSSnqj1Je87aA
----- End Hush Signature v1.3 -----
This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools
Free, encrypted, secure Web-based email at www.hushmail.com
