NuytsTech Security

CVE-2006-0707

by ·

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.

Date published : 2006-02-15

http://www.securityfocus.com/bid/16641

http://sourceforge.net/project/shownotes.php?release_id=391800

Tags: