Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

DSECRG-08-028.txt

🗓️ 17 Jul 2008 00:00:00Reported by Digital Security Research GroupType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Velocity web-server directory traversal vulnerability. Old Version 1.0. No updates available

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`  
  
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-028  
  
  
Application: Velocity web-server (a part of Velocity Security Management System)  
Versions Affected: Old version 1.0  
Vendor URL: http://hirschelectronics.com  
Bugs: Directory traversal File Download  
Exploits: YES  
Reported: 03.03.2008  
Second report: 14.03.2008  
Vendor response: 14.03.2008  
Solution: No updates for this Version. Download new version.  
Date of Public Advisory: 16.07.2008  
Authors: Digital Security Research Group [DSecRG]  
  
  
Description  
***********  
  
Velocity web-server has critical directory traversal vulnerability  
  
  
Details  
*******  
  
  
  
Directory traversal vulnerability find in Velocity web-server  
Attacker can exploit this by sending a url with url directory traversal  
  
  
  
  
Example:  
  
  
  
http://[server]:[port]/../../../../../../../../../../../../../etc/passwd  
  
  
  
  
  
Fix Information  
***************  
  
  
Version 1.0 is very old and dont have updates. If you have this  
version please it Download the last version on http://hirschelectronics.com  
  
  
  
  
  
About  
*****  
  
Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.  
  
  
Contact: research [at] dsec [dot] ru  
http://www.dsec.ru (in Russian)  
  
  
  
  
  
  
  
  
  
  
  
  
  
Polyakov Alexandr  
Information Security Analyst  
______________________  
DIGITAL SECURITY  
phone: +7 812 703 1547  
+7 812 430 9130  
e-mail: [email protected]   
www.dsec.ru  
  
  
-----------------------------------  
This message and any attachment are confidential and may be privileged or otherwise protected   
from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure   
is strictly prohibited. If you have received this message in error, please notify the sender immediately   
either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence   
via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding   
statements by e-mail unless otherwise agreed.   
-----------------------------------   
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Jul 2008 00:00Current
7.4High risk
Vulners AI Score7.4
velocity web-serverdirectory traversalvulnerabilityold versionupdatesexploitsecurity advisory
30
.json
Report