CVE-2002-0466 Information

Description

Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp (2) servubrowse.asp (3) browsedisk.asp (4) browsewebalizerexe.asp or (5) sqlbrowse.asp.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip http://www.securityfocus.com/bid/3808 https://exchange.xforce.ibmcloud.com/vulnerabilities/7823