CVE-2004-1572 - Gamic Ribbon
Description
AJ-Fork 167 does not restrict access to directories such as (1) data (2) inc (3) plugins (4) skins or (5) tools which allows remote attackers to list files in those directories via a direct HTTP request.
Reference
http://echo.or.id/adv/adv07-y3dips-2004.txt http://www.securityfocus.com/bid/11301 http://securitytracker.com/id?1011484 http://marc.info/?l=bugtraq&m=109664986210763&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17569