Reported April 26, 2001, by Joe Testa.
WebXQ 2.1.204 for Windows 2000, Windows NT, and Windows 9x
A vulnerability exists in WebXQ that lets an attacker break out of the Web root by using relative paths. For example, an attacker can gain access to files outside of the Web root directory by connecting to a vulnerable host and issuing the command http://<vulnerablehost>/./…/<file outside of Web root>.
The vendor, DataWizard Technologies, has released Version 2.1.205 to correct this vulnerability.
Discovered by Joe Testa.