2 matches found
rt-sa-2005-012.txt
Advisory: Pico Server pServ Local Information Disclosure RedTeam found a local information disclosure vulnerability in Pico Server pServ which results in a local user reading all files on the server with pServ's permissions. Details ======= Product: Pico Server pServ Affected Version: 3.3,...
CVE-2005-1367
Pico Server (pServ) before version 3.3 contains a local information disclosure vulnerability: pServ follows symlinks without validating that the link target remains inside the webroot, allowing a local user to read arbitrary files with pServ’s permissions (e.g., /etc/shadow). The issue stems from...