Directory traversal

2007-12-1200:46:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.1%

JSON

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain …\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a …\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.

CPENameOperatorVersion
barracudadrive_web_servereq3.7.2
barracudadrive_web_server_home_servereq3.7.2

CPE	Name	Operator	Version
	barracudadrive_web_server	eq	3.7.2
	barracudadrive_web_server_home_server	eq	3.7.2

References

aluigi.altervista.org/adv/barradrive-adv.txt

secunia.com/advisories/28032

securityreason.com/securityalert/3434

www.securityfocus.com/archive/1/484833/100/0/threaded

www.securityfocus.com/bid/26805