CVE-2005-1952

Name of the Vulnerable Software and Affected Versions Pico Server (pServ) version 3.3

Description The issue allows remote attackers to read arbitrary files and execute arbitrary commands by exploiting a directory traversal vulnerability. This is achieved by including a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, resulting in an incorrect directory depth count.

Recommendations For Pico Server (pServ) version 3.3, update to a version that fixes this issue, as the current version allows remote attackers to bypass security restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.