---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: ShowOff! Digital Media Software Two Vulnerabilities SECUNIA ADVISORY ID: SA15300 VERIFY ADVISORY: http://secunia.com/advisories/15300/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS WHERE: >From remote SOFTWARE: ShowOff! Digital Media Software 1.x http://secunia.com/product/5083/ DESCRIPTION: dr_insane has discovered two vulnerabilities in ShowOff! Digital Media Software, which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose sensitive information. 1) An input validation error in the request handling can be exploited disclose the content of arbitrary files via directory traversal attacks. Examples: http://[host]/ShowAlbum?ShowDetails&1&nocount&/../../../../../../../../../../[file] http://[host]/ShowVideo?1&fullnocount&/../../../../../../../../../../[file] http://[host]/ShowGraphic?/../../../../../../../../[file] 2) An error in the communication handling can be exploited to crash a vulnerable service by sending a specially crafted malformed request to port 8083. Successful exploitation requires that file uploads are enabled (not enabled in the default settings). The vulnerabilities have been confirmed in version 1.5.4. Other versions may also be affected. SOLUTION: 1) Filter character sequences in a proxy server or firewall with URL filtering capabilities. 2) Disable file uploads. PROVIDED AND/OR DISCOVERED BY: dr_insane ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------