CVE-2004-1572 Information

Description

AJ-Fork 167 does not restrict access to directories such as (1) data (2) inc (3) plugins (4) skins or (5) tools which allows remote attackers to list files in those directories via a direct HTTP request.

Reference

http://echo.or.id/adv/adv07-y3dips-2004.txt http://marc.info/?l=bugtraq&m=109664986210763&w=2 http://securitytracker.com/id?1011484 http://www.securityfocus.com/bid/11301 https://exchange.xforce.ibmcloud.com/vulnerabilities/17569