lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: doubles at (
Subject: unarj dir-transversal bug (../../../..)

On Mon, 11 Oct 2004 12:50:20 -0700 Chris Umphress <>
>$ arj a test.arj ../../../usr/local/bin/test.txt

ya have ''.'' in yar PATH! bwahahahah!

>Apart from it removing one "../" from the filename I gave it, it
>worked exactly as I expected.

dis is powerfull security whole! im writting a exploit for it right now
in visual cobol!

czech this out::


Concerned about your privacy? Follow this link to get
secure FREE email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

Powered by blists - more mailing lists