Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5688
HistoryJan 30, 2004 - 12:00 a.m.

ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving

2004-01-3000:00:00
vulners.com
15
JSON

ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file
retrieving

Published: 29 january 2004

Released: 29 january 2004

Name: PJ CGI Neo review (NeoBoard review)

Affected Systems: Current version

Issue: Remote file retrieving

Author: Zone-h Security Labs

Vendor: http://www.livepj.com

Description

Zone-h Security Team has discovered a flaw in PJ CGI Neo review (NeoBoard review). There is
a vulnerability in the current version of NeoBoard that allows an attacker to retrieve
arbitrary files from the webserver with its priviledges.

Details

It's possibile for a remote attacker to retrieve any file from a webserver.

For example try this:

http://address/directory/PJreview_Neo.cgi?p=/../../../../../../../../../../../../../../../../etc/passwd

Solution:

The vendor has not been contacted because his site is unreachable.

http://www.zone-h.org/advisories/read/id=3824

JSON