HomeSeer Home Automation Software Multiple Web Vulnerabilities

HomeSeer Home Automation Software Multiple Web Vulnerabilities (0day)
Date: 3/6/12
Author: Silent_Dream
Software Link: http://www.homeseer.com/pub/setuphs2_5_0_49.exe
Version: 2.5.0.49
Tested on: Win XP
CERT VU#796883: http://www.kb.cert.org/vuls/id/796883
Note: This affects both HomeSeer HS2 and HomeSeer PRO.
The XSS attack vector (elog) previously reported to CERT was fixed in the 2.5.0.49 update.
A) Directory Traversal: Retrieving the users.cfg file, which contains HomeSeer usernames, access levels, and encrypted passwords.
