[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: [Full-disclosure] Rockliffe Directory Transversal Vulnerability
- To: Stan Bubrouski <stan.bubrouski@xxxxxxxxx>
- Subject: Re[2]: [Full-disclosure] Rockliffe Directory Transversal Vulnerability
- From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
- Date: Wed, 4 Jan 2006 22:05:34 +0300
Dear Stan Bubrouski,
Yes, I wrote few tools to manage files via IMAP back in 2002:
http://www.security.nnov.ru/files/imaptools.tgz
description is here:
http://www.security.nnov.ru/news2063.html
--Wednesday, January 4, 2006, 8:03:40 PM, you wrote to jzlatin@xxxxxxxx:
SB> Seeing as most IMAP servers allow you to use ../../ with SELECT, etc..
SB> (think uw-imapd for example) I think I would categorize this as more
SB> of a permissions problem.
--
~/ZARAZA
http://www.security.nnov.ru/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/