source: https://www.securityfocus.com/bid/10260/info
Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and denial of service attacks.
An attacker can exploit this issue by sending directory traversal sequences and requesting a file through a vulnerable parameter of one of the affected modules.
Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also vulnerable to this issue as Microsoft re-distributes Crystal Reports.
http://www.example.com/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txtData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation