Full Disclosure mailing list archives
CVE-2012-2627 not *really* fixed
From: Brandon Perry <bperry.volatile () gmail com>
Date: Wed, 12 Feb 2014 21:31:20 -0600
On version 11.01 of Sonicwall scrutinizer (downloaded at www.mysonicwall.com), it seems that the problem was not actually fixed? The open upload handler still exists, but it fails on the move_uploaded_file line because the directory that it attempts to move the file to (on linux at least) does not exist. https://gist.github.com/anonymous/8969165 -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CVE-2012-2627 not *really* fixed Brandon Perry (Feb 14)