CVE-2003-1463
published 2003-12-31CVE-2003-1463: Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine…
PriorityP422low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
2.05%
78.8th percentile
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alt-n | webadmin | — | — |
| alt-n | webadmin | — | — |
| alt-n | webadmin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Alt-N WebAdmin 2.0.x - Remote File Disclosure
exploitdb·2003-04-25
CVE-2003-1463 Alt-N WebAdmin 2.0.x - Remote File Disclosure
Alt-N WebAdmin 2.0.x - Remote File Disclosure
---
source: https://www.securityfocus.com/bid/7439/info
Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.
http://www.example.com/WebAdmin.dll?session=X&Program=MDaemon&Directory:Name=C:\MDaemon\App&File:Name=MDAEMON.INI&View=EditFile
Exploit-DB
Alt-N WebAdmin 2.0.x - Remote File Viewing
exploitdb·2003-04-25
CVE-2003-1463 Alt-N WebAdmin 2.0.x - Remote File Viewing
Alt-N WebAdmin 2.0.x - Remote File Viewing
---
source: https://www.securityfocus.com/bid/7438/info
Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system.
NOTE: The user must have administrative privileges in WebAdmin to access these files.
http://server/WebAdmin.dll?Session=X&Program=MDaemon&Directory:Name=C:\WINNT&File:Name=WIN.INI&View=ViewFile
No writeups or analysis indexed.
http://securityreason.com/securityalert/3286http://www.securityfocus.com/archive/1/319735http://www.securityfocus.com/bid/7438http://www.securityfocus.com/bid/7439https://exchange.xforce.ibmcloud.com/vulnerabilities/11874https://exchange.xforce.ibmcloud.com/vulnerabilities/11875http://securityreason.com/securityalert/3286http://www.securityfocus.com/archive/1/319735http://www.securityfocus.com/bid/7438http://www.securityfocus.com/bid/7439https://exchange.xforce.ibmcloud.com/vulnerabilities/11874https://exchange.xforce.ibmcloud.com/vulnerabilities/11875
2003-12-31
Published