| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051217194319.2310.qmail@securityfocus.com> Date: 17 Dec 2005 19:43:19 -0000 From: king_purba@...oo.co.uk To: bugtraq@...urityfocus.com Subject: Fullpath disclosure in roundcube webmail I try this request in my mailbox http://xxxx.com/roundcube/?_auth=3Dcf559dcf52d8801ccd51cd1f3ba3eca08d1b0bce= &_task=3Dma%60il then roundcube shows this warning **PHP Error in /usr/local/apache2/htdocs/roundcube/index.php (301)*:* Invalid request failed/file not found The requested page was not found! Please contact your server-administrator. *Failed request:* http://xxxx.com/roundcube/?_auth=3Dcf559dcf52d8801ccd51cd1f3ba3eca08d1b0bce= &_task=3Dma%60il
Powered by blists - more mailing lists