COMMAND

    WebXQ

SYSTEMS AFFECTED

    WebXQ v2.1.204

PROBLEM

    Joe Testa found  following.  WebXQ  v2.1.204 is a  web server.   A
    vulnerability exists which  allows a remote  user to break  out of
    the ftp root.

    The following URL demonstrates the problem:

        http://localhost/./.../[any file outside web root]

SOLUTION

    Vendor has  released v2.1.205  which fixes  this problem.   It  is
    available at:

        http://www.datawizard.net/Free_Software/WebXQ_Free/webxq_free.htm