Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Surgeldap | Netwin | 1.0d (including) | 1.0d (including) |
| Surgeldap | Netwin | 1.0e (including) | 1.0e (including) |
| Surgeldap | Netwin | 1.0g (including) | 1.0g (including) |
References
- http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt
- http://secunia.com/advisories/11343
- http://www.securityfocus.com/bid/10103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15851
- http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt
- http://secunia.com/advisories/11343
- http://www.securityfocus.com/bid/10103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15851