5
CVSSv2

CVE-2004-1444

Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Roundup 0.6.4 and previous versions allows remote malicious users to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

Vulnerable Product Search on Vulmon Subscribe to Product

roundup-tracker roundup

roundup-tracker roundup 0.6.0

roundup-tracker roundup 0.5.4

roundup-tracker roundup 0.5.1

roundup-tracker roundup 0.4.1

roundup-tracker roundup 0.4.2

roundup-tracker roundup 0.3.0

roundup-tracker roundup 0.2.1

roundup-tracker roundup 0.2.7

roundup-tracker roundup 0.1.1

roundup-tracker roundup 0.6.1

roundup-tracker roundup 0.5.7

roundup-tracker roundup 0.5.8

roundup-tracker roundup 0.5.0

roundup-tracker roundup 0.2.5

roundup-tracker roundup 0.2.2

roundup-tracker roundup 0.2.3

roundup-tracker roundup 0.1.2

roundup-tracker roundup 0.5.5

roundup-tracker roundup 0.5.6

roundup-tracker roundup 0.5.3

roundup-tracker roundup 0.4.0

roundup-tracker roundup 0.2.8

roundup-tracker roundup 0.2.6

roundup-tracker roundup 0.6.3

roundup-tracker roundup 0.6.2

roundup-tracker roundup 0.5.9

roundup-tracker roundup 0.5

roundup-tracker roundup 0.5.2

roundup-tracker roundup 0.2.0

roundup-tracker roundup 0.2.4

roundup-tracker roundup 0.1.0

roundup-tracker roundup 0.1.3

Exploits

source: wwwsecurityfocuscom/bid/10495/info Roundup is prone to a remote file disclosure vulnerability A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '/' directory traversal sequences This vulnerability affects Roundup 0611 and prior versions GET /cit/@@file/////etc/passwd ...