This host is running 4psa Voipnow and is prone to local file inclusion vulnerability.
Successful exploitation will allow an attacker to view files and execute local scripts in the context of the application. Impact Level: Application
Upgrade to 4psa voipnow 2.4 or later, For updates refer to http://www.4psa.com/products-voipnow-spe.html
The flaw is due to an improper validation of user-supplied input to the 'screen' parameter in '/help/index.php?', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
4psa voipnow version prior to 2.4
- AlefMentor Multiple SQL Injection Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability