Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.Referenceshttp://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asphttp://www.securityfocus.com/archive/1/486868/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/39868http://secunia.com/advisories/28639https://www.exploit-db.com/exploits/4971http://www.securityfocus.com/bid/27419http://securityreason.com/securityalert/3584http://www.bugreport.ir/?/31http://securitytracker.com/id?1019267
