CVE-2005-3040 Information

Description

Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0 and possibly other versions before 4.3 allows remote attackers to read arbitrary files via ..\ sequences in the Template parameter.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0469.html http://secunia.com/advisories/16854 http://securitytracker.com/id?1014923 http://www.cirt.dk/advisories/cirt-37-advisory.pdf http://www.osvdb.org/19479