Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Web Forums Server Multiple Vulnerabilities
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 11-03-2004, 07:23 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,584
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Web Forums Server Multiple Vulnerabilities
Web Forums Server

Web Site:
http://www.minihttpserver.net

Affected Version(s):
1.6,2.0 Power Pack(current)

Description:
Web Forums Server is "all in one" Web Server for Microsoft Windows Operating Systems. Web Forums Server have a build in User manage system, Message Board system, ShareFile System ,Share Photo System.include a powerful, flexible, compliant web server. Implements the latest protocols,including HTTP/1.1 (RFC2616)

Multiple Vulnerabilities in Web Forums Server:

Directory Traversal Vulnerability:

There is directory traversal vulnerability in Web Forums Server that may allow a remote attacker to view files residing outside of the web server root directory.

Examples:

http://[victim]/......file.ext
http://[victim]/../../../file.ext
or as encoded format:
http://[victim]/%2E%2E%5C%2E%2E%5C%2E%2E%5Cfile.ext
http://[victim]/%2E%2E%2F%2E%2E%2F%2E%2E%2Ffile.ext

Plaintext Password Vulnerability:

Web Forums Server stores all accounts with the passwords in plaintext using Username.ini file. So this could lead to users gaining unauthorized access to passwords, and potentially unauthorized access to the Web Forums Server.
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump

    Similar Threads
    Thread Thread Starter Forum Replies Last Post
    Multiple Vulnerabilities in Mozilla Firefox, Netscape Mobo Security Alerts and vulnerabilities 0 09-23-2005 08:56 PM
    Sun Java System Server XSite Scripting Mobo Security Alerts and vulnerabilities 0 03-23-2005 01:00 PM
    Multiple Vulnerabilities in Yahoo Mobo Security Alerts and vulnerabilities 0 02-24-2005 06:45 PM
    Media Player Remote PNG for windows server Mobo Security Alerts and vulnerabilities 0 02-09-2005 01:13 PM
    Microsoft December security update Mobo News & Announcements 0 12-18-2004 07:30 AM



    All times are GMT -5. The time now is 08:27 PM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2