|
Full Disclosure
mailing list archives
CVE-2012-2627 not *really* fixed
From: Brandon Perry <bperry.volatile () gmail com>
Date: Wed, 12 Feb 2014 21:31:20 -0600
On version 11.01 of Sonicwall scrutinizer (downloaded at www.mysonicwall.com),
it seems that the problem was not actually fixed? The open upload handler
still exists, but it fails on the move_uploaded_file line because the
directory that it attempts to move the file to (on linux at least) does not
exist.
https://gist.github.com/anonymous/8969165
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- CVE-2012-2627 not *really* fixed Brandon Perry (Feb 14)
| 
