Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-0466
Last Modified 03 Dec 2010 12:00:00
Published 28 Jan 2008 07:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0466

Summary

RTE_file_browser.asp, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

Vulnerable Systems

Application

  • Webwiz Web Wiz Forums 9.07

  • Webwiz Web Wiz Newspad 1.02

  • Webwiz Web Wiz Rich Text Editor 4.0


References

MISC - http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp

BID - 27419

BUGTRAQ - 20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server

BUGTRAQ - 20080123 Web Wiz Forums Directory traversal

MILW0RM - 4971

MILW0RM - 4970

MISC - http://www.bugreport.ir/?/31

MISC - http://www.bugreport.ir/?/29

SECTRACK - 1019267

SREASON - 3584


Last Updated: 27 May 2016 10:46:48