CVE-2012-10061 Sockso Music Host Server <= 1.5 Path Traversal

Sockso Music Host Server versions = 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...

sockso 1.5 - Directory Traversal

Luigi Auriemma Application: Sockso http://sockso.pu-gh.com Versions: = 1.5 Platforms: Windows, Mac, Linux Bug: directory traversal Exploitation: remote Date: 14 Mar 2012 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== 1...