lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: boklm at mars-attacks.org (nicolas vigier) Subject: Vulnerability in sourceforge.net On Wed, 21 Jul 2004, Alexander wrote: > Vulnerability in sourceforge.net. > > Remote user can read any files. Example: Any file the webserver account can read. > http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local > /apache/conf/httpd.conf This is not a vulnerability in sourceforge, but in on of the project's webpage. And anyone with a project on sourceforge can read the same files using his webspace.