CVE-2005-3484 Information

Description

Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP AVI JPG TXT and HTML) via ..\ and hex-encoded (1) slash /\ (\2f) or (2) backslash \\ (\5c) sequences.

Reference

http://aluigi.altervista.org/adv/neronet-adv.txt http://marc.info/?l=full-disclosure&m=113096009930152&w=2 http://secunia.com/advisories/17421 http://www.securityfocus.com/bid/15288 http://www.vupen.com/english/advisories/2005/2287