Vulnerability in Picserver


Picserver is a specialized webserver available from
and  A vulnerability exists which allows a remote
user to break out of the web root using relative paths (i.e., '..' and '...').


        http://localhost:7000/../[file outside web root]
        http://localhost:7000/.../[file outside web root]


No quick fix is possible.
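
An added example, not Picserver's code and not part of the original advisory: a server-side check that refuses both request forms shown above before any file is opened. The function names, the web root and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/www"  # constructed web root, not a Picserver path

class TraversalError(ValueError):
    """The request target would resolve outside the web root."""

def resolve_request(request_target, web_root=WEB_ROOT):
    """Return the file path under web_root for a request target, or raise."""
    root = posixpath.normpath(web_root)
    # Decode percent-escapes before checking, so %2e%2e is seen as '..'.
    path = unquote(urlsplit(request_target).path)
    if "\x00" in path:
        raise TraversalError("NUL byte in request path")
    kept = []
    # Windows file APIs accept '\' as a separator, so split on it as well.
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue  # empty or current-directory segment: nothing to add
        # Reject segments made only of dots and spaces: '..' is the parent
        # directory, and some Windows releases have resolved '...' as an
        # ancestor and dropped trailing dots or spaces from names.
        if not seg.strip(". "):
            raise TraversalError("dot segment %r in %r" % (seg, request_target))
        kept.append(seg)
    candidate = posixpath.normpath(posixpath.join(root, *kept))
    # Second, independent check: the result must still sit under the root.
    if posixpath.commonpath([root, candidate]) != root:
        raise TraversalError("%r escapes the web root" % request_target)
    return candidate

# Constructed sample requests: one ordinary, the rest traversal attempts.
SAMPLES = ["/images/cam1.jpg", "/../boot.ini", "/.../boot.ini",
           "/%2e%2e/boot.ini", "/images/..\\..\\boot.ini"]

def classify(samples=SAMPLES):
    """Map each sample request to its resolved path or 'rejected'."""
    results = {}
    for target in samples:
        try:
            results[target] = resolve_request(target)
        except TraversalError:
            results[target] = "rejected"
    return results
```

This check works on the path string only; a server reading from a real file system would also resolve symbolic links (for example with os.path.realpath) before the containment comparison.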

    Vendor Status

Information Management Specialists, Inc. was contacted via
<[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> on Monday, January 29,
2001.  No reply was received.

        - Joe Testa  ( e-mail: [EMAIL PROTECTED] / AIM: LordSpankatron

