SnapStream PVS File Disclosure Vulnerability

Vulnerability ID: 1106449 Vulnerability type: Path traversal
Published: 2001-07-26 Updated: 2005-05-02
CVE ID: CVE-2001-1108
CNNVD-ID: CNNVD-200107-177
Platform: Windows CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/21030
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-177
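|Vulnerability Details
SnapStream PVS 1.2a contains a directory traversal vulnerability. A remote attacker can read arbitrary files by means of a .. (dot dot) attack in a URL request.
|Exploit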
source: http://www.securityfocus.com/bid/3100/info

Snapstream Personal Video Station is an application for Microsoft Windows which allows users to record video output on their PC and view it at a later time, locally or via an HTTP interface. The Snapstream PVS web interface runs on port 8129.

Snapstream PVS is prone to attacks which allow a remote user to break out of the wwwroot and browse the filesystem at large. The remote attacker may accomplish this by crafting a web request which uses '../' sequences to traverse directories and access arbitrary web-readable files.

The impact of exploiting this vulnerability is that confidential information may be disclosed to the attacker and follow-up attacks against the host may occur.

If exploited in conjunction with Bugtraq ID 3101, a remote attacker can gain the administrative password for Snapstream.

http://home.victim.com:8080/../../../../autoexec.bat

http://home.victim.com:8080/../../../winnt/repair/sam
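
The containment check a web server needs before serving a file from its wwwroot, shown beside the join-only pattern that the '../' requests above defeat. This is an added example, not SnapStream's code and not part of the original advisory; the function names, the temporary root directory and the benign sample request are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def naive_resolve(wwwroot, request_target):
    # Flawed pattern: decode the URL path and join it to the root,
    # with no check that the result is still under the root.
    path = unquote(urlsplit(request_target).path)
    return os.path.normpath(os.path.join(wwwroot, path.lstrip("/")))


def safe_resolve(wwwroot, request_target):
    """Return the absolute path under wwwroot, or None if the request escapes it."""
    root = os.path.realpath(wwwroot)
    # Decode and unify separators first so the check sees what the filesystem will see.
    path = unquote(urlsplit(request_target).path).replace("\\", "/")
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    return candidate if inside else None


# The two request URLs quoted in the advisory, plus one constructed benign request.
SAMPLE_REQUESTS = [
    "http://home.victim.com:8080/../../../../autoexec.bat",
    "http://home.victim.com:8080/../../../winnt/repair/sam",
    "http://home.victim.com:8080/recordings/show.html",
]


def demo():
    # Constructed stand-in for the product's wwwroot directory.
    root = os.path.realpath(tempfile.mkdtemp(prefix="wwwroot-"))
    return root, {r: (naive_resolve(root, r), safe_resolve(root, r))
                  for r in SAMPLE_REQUESTS}


if __name__ == "__main__":
    root, results = demo()
    for request, (naive, safe) in results.items():
        print(f"{request}\n  naive -> {naive}\n  safe  -> {safe or 'REJECTED (403)'}")
```

A server using `safe_resolve` would answer the first two requests with an error instead of opening the file, while the benign request resolves to the same path under both functions.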
|References

Source: XF
Name: snapstream-dot-directory-traversal(6917)
Link: http://xforce.iss.net/static/6917.php
Source: BID
Name: 3100
Link: http://www.securityfocus.com/bid/3100
Source: discuss.snapstream.com
Link: http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Source: BUGTRAQ
Name: 20010726 Snapstream PVS vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Source: OSVDB
Name: 2080
Link: http://www.osvdb.org/2080
