lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Jul 2009 22:18:00 +0630
From: "YGN Ethical Hacker Group (http://yehg.net)" <lists@...g.net>
To: full-disclosure@...ts.grok.org.uk
Subject: DOMPDF Arbitrary File Read <= 0.5.1
=================================
DOMPDF Arbitrary File Read <= 0.5.1
=================================
Discovered by:
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Advisory URL:
http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul%20DomPDF.pdf
Risk: Highest
Threats: Sensitive Information Leakage
Product Name: DOMPDF
Product Description: PHP5 HTML to PDF converter
Author: Benj Carson <benjcarson@...italjunkies.ca>
URL: http://www.digitaljunkies.ca/dompdf
Vulnerability Overview
====================
DOMPDF lets attackers to read any files on the server outputted as pdf files
via crafted urls.
Discovered by:
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Advisory URL:
http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul%20DomPDF.pdf
Risk: Highest
Threats: Sensitive Information Leakage
Product Name: DOMPDF
Product Description: PHP5 HTML to PDF converter
Author: Benj Carson <benjcarson@...italjunkies.ca>
URL: http://www.digitaljunkies.ca/dompdf
Vulnerability Overview
====================
DOMPDF lets attackers to read any files on the server outputted as pdf files
via crafted urls.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists