lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAHuj9+yQyH9bzeimz=d1+eu=LmUwStQ9mqhg5Lcwa5Mxi8Fyeg@mail.gmail.com>
Date: Tue, 14 Aug 2018 06:10:31 -0300
From: Silton Renato <siltonrenato02@...il.com>
To: Henri Salo <henri@...v.fi>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Full Disclosure - Responsive File Manager

I contacted the developer warning of the vulnerability, but he did not
respond. I released full disclosure, he had already released the update. I
found manually checking yes

Em Sáb, 11 de ago de 2018 13:52, Henri Salo <henri@...v.fi> escreveu:

> On Wed, Aug 08, 2018 at 01:43:34PM -0300, Silton Renato wrote:
> > * System affected : Responsive Filemanager
> > * Software Version : 9.13.1 (other versions may also be affected).
> > * Impact : Get sensitive files from the server.
>
> This seems to be fixed in RFM 9.13.3 according to changelog.txt "fix
> vulnerability that permits to see server files", which was released
> 2018-08-04.
> Didn't manually verify.
>
> --
> Henri Salo
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ