Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linuxstat | Ryszard_pydo | 0.90 (including) | 0.90 (including) |
| Linuxstat | Ryszard_pydo | 0.94 (including) | 0.94 (including) |
| Linuxstat | Ryszard_pydo | 2.0 (including) | 2.0 (including) |
| Linuxstat | Ryszard_pydo | 2.0_beta (including) | 2.0_beta (including) |
| Linuxstat | Ryszard_pydo | 2.0_beta2 (including) | 2.0_beta2 (including) |
| Linuxstat | Ryszard_pydo | 2.1 (including) | 2.1 (including) |
| Linuxstat | Ryszard_pydo | 2.2 (including) | 2.2 (including) |
| Linuxstat | Ryszard_pydo | 2.3 (including) | 2.3 (including) |
References
- http://secunia.com/advisories/12963
- http://securitytracker.com/id?1011920
- http://sourceforge.net/project/shownotes.php?release_id=277371
- http://www.osvdb.org/11103
- http://www.securityfocus.com/bid/11517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17833
- http://secunia.com/advisories/12963
- http://securitytracker.com/id?1011920
- http://sourceforge.net/project/shownotes.php?release_id=277371
- http://www.osvdb.org/11103
- http://www.securityfocus.com/bid/11517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17833