2 matches found
CVE-2008-0396
CVE-2008-0396 is a directory traversal vulnerability in BitDefender Update Server (http.exe) used by BitDefender products. The vulnerability allows an unauthenticated remote attacker to read arbitrary files by crafting HTTP requests with directory traversal sequences (..). The issue affects the U...
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
The version of BitDefender Update Server running on the remote host fails to sanitize request strings of directory traversal sequences, which allows an unauthenticated attacker to read files outside the web server's document directory. Note that the server runs with LocalSystem privileges by...