Eserv 2.50 Web interface Server Directory Traversal Vulnerability
Eserv 2.50 Eserv 2.50 Web interface Server Directory Traversal Vulnerability



Eserv/2.50 is the complete solution to access Internet from LAN: - Mail Server (SMTP and POP3, with ability to share one mailbox on the ISP, aliases and mail routing support) - News Server (NNTP) - Web Server (with CGI, virtual hosts, virtual directory support, web-interface for all servers in the package) - FTP Server (with virtual directory support) - Proxy Servers * FTP proxy and HTTP caching proxy * FTP gate * HTTPS proxy * Socks5, Socks4 and 4a proxy * TCP and UDP port mapping * DNS proxy - Finger Server - Built-in scheduler and dialer (dial on demand, dialer server for extern agents, scheduler for any tasks)


UssrLabs found a Eserv Web Server Directory Traversal Vulnerability Using the string '../' in a URL, an attacker can gain read access to any file outside of the intended web-published filesystem directory There is not much to expand on this one....



to show all configuration file including account names

Vendor Status:

no contacted

Vendor Url:

Program Url:



Nothing yet.

u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h