Published: 31/12/2003 Updated: 29/07/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 360

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 up to and including 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alt-n webadmin 2.0.0
alt-n webadmin 2.0.1
alt-n webadmin 2.0.2

source: wwwsecurityfocuscom/bid/7438/info Alt-N WebAdmin allows a remote user to access files that they should not be able to access The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system NOTE: The user must have administrative privileges in WebAdmin to access these files ...

source: wwwsecurityfocuscom/bid/7439/info Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server This could allow an attacker to obtain sensitive information wwwexamplecom/WebAdmindll?session=X&Program=MDaemon&D ...

CWE-20 http://www.securityfocus.com/archive/1/319735 http://www.securityfocus.com/bid/7438 http://www.securityfocus.com/bid/7439 http://securityreason.com/securityalert/3286 https://exchange.xforce.ibmcloud.com/vulnerabilities/11875 https://exchange.xforce.ibmcloud.com/vulnerabilities/11874 https://nvd.nist.gov https://www.exploit-db.com/exploits/22541/

CVE-2003-1463

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect