COMMAND

    MP3Mystic

SYSTEMS AFFECTED

    MP3Mystic 1.01, 1.03, 1.04

PROBLEM

    nemesystm of the DHC found the following.  MP3Mystic is a webserver
    that lets a visitor browse your hard drive, showing only MP3 files.
    It is vulnerable to the dot dot bug (directory traversal).

    Version 1.0 is assumed to be vulnerable as well.

    By requesting

        www.server.com/../scandisk.log

    one can retrieve scandisk.log.  Add more ../ sequences to adjust
    the number of directory levels that have to be moved through.
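
    The containment check whose absence lets a ../ request leave the
    served directory, as an added example in Python (not MP3Mystic's
    code, which the advisory does not show).  The function names, the
    music/ root and the sample files are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_request(doc_root, url_path):
    """Map a request path to an MP3 under doc_root, or return None to refuse."""
    root = os.path.realpath(doc_root)
    # Decode percent-escapes first, then treat '\' like '/', since Windows
    # accepts both as path separators.
    rel = unquote(url_path).replace("\\", "/").lstrip("/")
    if "\x00" in rel or ":" in rel:  # NUL bytes, drive letters, alternate streams
        return None
    # Resolve '..' segments and symlinks, then verify the result is still
    # inside the served root. Checking the extension alone is not enough.
    candidate = os.path.realpath(os.path.join(root, *rel.split("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not candidate.lower().endswith(".mp3"):
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed tree and report which requests would be served."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "music")
        os.mkdir(root)
        files = ("scandisk.log", "secret.mp3", "music/song.mp3", "music/notes.txt")
        for name in files:
            with open(os.path.join(base, *name.split("/")), "w") as fh:
                fh.write("x")
        requests = [
            "/song.mp3",            # inside root, MP3: served
            "/notes.txt",           # inside root, not an MP3: refused
            "/../scandisk.log",     # the request from this advisory: refused
            "/..%2fscandisk.log",   # same path, percent-encoded separator
            "/..\\scandisk.log",    # same path, backslash separator
            "/../secret.mp3",       # MP3 extension but outside root: refused
        ]
        return {r: resolve_request(root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(("SERVE " if served else "REFUSE"), request)
```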

SOLUTION

    Download MP3Mystic 1.04b3.  This will fix the bug.