[Sybase] software vendors do not think about old bugs

[midom () DAMMIT LT (Domas Mituzas)]

Hello all,

recently I found, that Sybase PowerDynamo personal web server knows how to
handle ../../ queries. I could see the whole disk via web browser :-) This
was found on a rather new release (3.0.0.652) of PD personal web server,
that is included into Enterprise Aplication studio and together with
PowerDynamo in other boxes. This "feature" works both with static and
dynamic file sites (I didn't check database site).

Of course, as it is "personal" web server, such features may be left. But
as the same bugs were in MS and other servers, it is a thing we should
concern - why do software vendors not look at old bugs of other products,
so they could avoid theirs?

With respect,
Domas Mituzas