[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HTB22795: Path disclosure in Hycus CMS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: HTB22795: Path disclosure in Hycus CMS
From: advisory@xxxxxxxxxxx
Date: Thu, 27 Jan 2011 09:38:09 +0100 (CET)

Vulnerability ID: HTB22795
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_hycus_cms.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ ) 
Vulnerable Version: 1.0.3 and probably prior versions
Vendor Notification: 13 January 2011 
Vulnerability Type: Path disclosure
Status: Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing 
(http://www.htbridge.ch/) 

Vulnerability Details:
The vulnerability exists due to failure in the 
"/templates/hycus_template/template.php" script, it's possible to generate an 
error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other 
potentially sensitive information.

http://host/templates/hycus_template/template.php

Prev by Date: ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.
Next by Date: Microsoft IIS 6 parsing directory “x.asp” Vulnerability
Previous by thread: [USN-1051-1] HPLIP vulnerability
Next by thread: Microsoft IIS 6 parsing directory “x.asp” Vulnerability
Index(es):
- Date
- Thread