BugTraq
[CVE-2018-14429] man-cgi < 1.16 Local File Include
Aug 08 2018 07:58AM
eL_Bart0 (eL_Bart0 protonmail ch)
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an attacker provides a filename as a parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd), the script will read and return the local file. This is happening because of the way the script calls the "man" comm...
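
For defenders reviewing web server logs for this issue, the following is an added example (not part of the original post and not man-cgi code) that flags man-cgi requests whose query string names a filesystem path. It assumes Common Log Format, the /cgi-bin/man-cgi URL shape shown in the advisory, and that a legitimate query is a page name with an optional section and never contains "/"; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
198.51.100.4 - - [08/Aug/2018:08:01:10 +0000] "GET /cgi-bin/man-cgi?ls HTTP/1.1" 200 5120
198.51.100.4 - - [08/Aug/2018:08:01:15 +0000] "GET /cgi-bin/man-cgi?ls+1 HTTP/1.1" 200 5120
203.0.113.9 - - [08/Aug/2018:08:02:00 +0000] "GET /cgi-bin/man-cgi?/etc/passwd HTTP/1.1" 200 1874
203.0.113.9 - - [08/Aug/2018:08:02:05 +0000] "GET /cgi-bin/man-cgi?%2Fetc%2Fpasswd HTTP/1.1" 200 1874
198.51.100.4 - - [08/Aug/2018:08:03:00 +0000] "GET /index.html?/etc/passwd HTTP/1.1" 404 209
"""

# Only requests whose path ends in /man-cgi and that carry a query string.
REQUEST_RE = re.compile(
    r'"(?:GET|HEAD|POST) [^ ?"]*/man-cgi\?(?P<query>[^ "]*) HTTP/[0-9.]+" (?P<status>\d{3})'
)


def normalize(query, max_rounds=3):
    """Decode '+' and (possibly nested) percent-encoding before inspection."""
    query = query.replace("+", " ")
    for _ in range(max_rounds):
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    return query.strip()


def find_suspicious(log_text):
    """Return (line_number, client, decoded_query, status) for path-like queries."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        topic = normalize(match.group("query"))
        # Assumption: a man page topic never contains '/' or a NUL byte.
        if "/" in topic or "\x00" in topic:
            client = line.split(" ", 1)[0]
            hits.append((number, client, topic, int(match.group("status"))))
    return hits


if __name__ == "__main__":
    for number, client, topic, status in find_suspicious(SAMPLE_LOG):
        # A 200 status on a flagged request means the response body needs review.
        print(f"line {number}: {client} requested {topic!r} (HTTP {status})")
```
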

Copyright 2010, SecurityFocus