Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: offexp2.htm

Offline Explorer serious remote directory traversal vulnerability



Vulnerability

    Offline Explorer

Affected

    MetaProducts Offline Explorer prior to 1.4 SR2

Description

    'dodger' found following.  The Offline Explorer 1.4 has a  serious
    bug.  It's similar to the fixed http://127.0.0.1:800/./../../ bug.
    With

        http://127.0.0.1:800/C:/

    it is possible to access the harddrive and read all files.

Solution

    This bug  is fixed  in the  newest version  (Offline Explorer  1.4
    Service Release 2).


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH