List: full-disclosure
Subject: [Full-disclosure] DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal
From: ddivulnalert <ddivulnalert () ddifrontline ! com>
Date: 2012-04-26 17:31:49
Message-ID: C1FA68A0-192A-487A-8087-73A67C463161 () ddifrontline ! com
Title
-----
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal
Severity
--------
High
Date Discovered
---------------
March 12, 2012
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$
Vulnerability Description
-------------------------
Multiple PacketVideo products contain a directory traversal vulnerability within the web server that is running on port 9000. These products are vulnerable to the attack regardless of having configured the “Secured Server Settings” which are available on the Advanced configuration page. Susceptible products include the Twonky 7.0 Special and the TwonkyManager 3.0.
An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.
Solution Description
--------------------
PacketVideo has addressed the issue. Contact the vendor for the software update.
Tested Systems / Software
-------------------------
Twonky 7.0 Special on Windows Vista
TwonkyManager 3.0 on Windows Vista
Vendor Contact
--------------
Vendor Name: PacketVideo Corporation | http://www.pv.com/
Vendor Website: http://twonky.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
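The containment check that prevents the class of flaw described under Vulnerability Description, as an added example that is not part of the advisory and not PacketVideo's code. The advisory does not publish the request form, so the names `resolve_under_root` and `classify`, the sample paths and the web root are all constructed assumptions.

```python
import os
from urllib.parse import unquote

# Constructed request paths (not taken from the advisory).
SAMPLE_REQUESTS = [
    "/index.html",
    "/media/../index.html",
    "/../../outside.txt",
    "/%2e%2e/%2e%2e/outside.txt",
    "/..\\..\\outside.txt",
    "/media/..%2f..%2f..%2foutside.txt",
]

def resolve_under_root(web_root, request_path):
    """Map a request path to a file under web_root; return None if it escapes."""
    root = os.path.realpath(web_root)
    # Drop the query string and decode percent-escapes once, before any check.
    decoded = unquote(request_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    # Backslashes count as separators: on a Windows host "..\" climbs like "../".
    relative = decoded.replace("\\", "/").lstrip("/")
    # Canonicalise (collapses "..", follows symlinks), then test containment.
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. a different drive letter on Windows
        inside = False
    return candidate if inside else None

def classify(web_root, requests=SAMPLE_REQUESTS):
    """Return {request_path: True if served from inside web_root, else False}."""
    return {r: resolve_under_root(web_root, r) is not None for r in requests}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        for path, allowed in classify(root).items():
            print(f"{'serve ' if allowed else 'reject'}  {path}")
```

The decision is made on the canonical path after decoding, so a request that only looks harmless as a raw string is still rejected when it resolves outside the web root.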