Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a %2E. (mixed encoding) in the pg parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Guppy | Guppy | 2.4 (including) | 2.4 (including) |
| Guppy | Guppy | 2.4_p1 (including) | 2.4_p1 (including) |
| Guppy | Guppy | 2.4_p3 (including) | 2.4_p3 (including) |
| Guppy | Guppy | 2.4_p4 (including) | 2.4_p4 (including) |
| Guppy | Guppy | 4.5 (including) | 4.5 (including) |
| Guppy | Guppy | 4.5.3 (including) | 4.5.3 (including) |
| Guppy | Guppy | 4.5.3a (including) | 4.5.3a (including) |
| Guppy | Guppy | 4.5.4 (including) | 4.5.4 (including) |
| Guppy | Guppy | 4.5.9 (including) | 4.5.9 (including) |
| Guppy | Guppy | 4.5.10 (including) | 4.5.10 (including) |
| Guppy | Guppy | 4.5.11 (including) | 4.5.11 (including) |
References
- http://secunia.com/advisories/19222
- http://securityreason.com/securityalert/569
- http://securitytracker.com/id?1015753
- http://www.freeguppy.org/?lng=en
- http://www.kapda.ir/advisory-291.html
- http://www.osvdb.org/23846
- http://www.osvdb.org/23993
- http://www.securityfocus.com/archive/1/427329/100/0/threaded
- http://www.securityfocus.com/bid/17068
- http://www.vupen.com/english/advisories/2006/0936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25141
- http://secunia.com/advisories/19222
- http://securityreason.com/securityalert/569
- http://securitytracker.com/id?1015753
- http://www.freeguppy.org/?lng=en
- http://www.kapda.ir/advisory-291.html
- http://www.osvdb.org/23846
- http://www.osvdb.org/23993
- http://www.securityfocus.com/archive/1/427329/100/0/threaded
- http://www.securityfocus.com/bid/17068
- http://www.vupen.com/english/advisories/2006/0936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25141