Home page logo

fulldisclosure logo Full Disclosure mailing list archives

DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Tue, 2 Sep 2008 15:21:49 -0500

DDIVRT-2008-13  AVTECH PageR Enterprise Directory Traversal


Date Discovered
July 1, 2008

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r () b13$

Vulnerability Description
PageR Enterprise is a centralized device / server event monitoring
system.  The PageR Enterprise server web interface is vulnerable to a
common web directory traversal attack.  Successful eploitation will
result in arbitrary read-only file access outside of the PageR
Enterprise web root.  

Solution Description
AVTECH has addressed this flaw in PageR version 5.0.7, which was
available for public use on August 13, 2008.

Tested Systems / Software (with versions)
Tested against PageR Enterprise/4.3.7 running on a Microsoft Windows
2000 system.  Other versions of PageR Enterprise may be vulnerable.

Vendor Contact
Website: http://avtech.com/
Contact Information: Info () AVTECH com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal DDI_Vulnerability_Alert (Sep 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]