[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CVE-2012-2627 not really fixed

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] CVE-2012-2627 not *really* fixed
From: Brandon Perry <bperry.volatile@xxxxxxxxx>
Date: Wed, 12 Feb 2014 21:31:20 -0600

On version 11.01 of Sonicwall scrutinizer (downloaded at www.mysonicwall.com),
it seems that the problem was not actually fixed? The open upload handler
still exists, but it fails on the move_uploaded_file line because the
directory that it attempts to move the file to (on linux at least) does not
exist.

https://gist.github.com/anonymous/8969165

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Critical security flaws in Nagios NRPE client/server crypto
Next by Date: Re: [Full-disclosure] yahoo open redirect vulnerability full disclosur
Previous by thread: [Full-disclosure] Critical security flaws in Nagios NRPE client/server crypto
Next by thread: Re: [Full-disclosure] CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option
Index(es):
- Date
- Thread

[Full-disclosure] CVE-2012-2627 not *really* fixed

[Full-disclosure] CVE-2012-2627 not really fixed