Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://aluigi.altervista.org/adv/barradrive-adv.txt - Exploit | |
References | () http://secunia.com/advisories/28032 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/3434 - | |
References | () http://www.securityfocus.com/archive/1/484833/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/26805 - Exploit, Patch |
Information
Published : 2007-12-12 00:46
Updated : 2024-11-21 00:39
NVD link : CVE-2007-6317
Mitre link : CVE-2007-6317
CVE.ORG link : CVE-2007-6317
JSON object : View
Products Affected
real_time_logic
- barracudadrive_web_server
- barracudadrive_web_server_home_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')