[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-0063

Date: (C)2011-03-15   (M)2017-08-18 


The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
http://www.securityfocus.com/archive/1/archive/1/516923/100/0/threaded
SECUNIA-43631
SREASON-8133
http://sotiriu.de/adv/NSOADV-2011-003.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=631307
majordomo-listfileget-dir-traversal(66011)

CWE    1
CWE-22

© 2013 SecPod Technologies