Full Disclosure mailing list archives

Re: unarj dir-transversal bug (../../../..)


From: <doubles () hush com>
Date: Tue, 12 Oct 2004 00:57:50 -0700

On Mon, 11 Oct 2004 16:29:40 -0700 evilninja <evilninja () gmx net> wrote:
evil@sheep:~$ unarj x test.arj
ARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia. [27 Jun 2004]

arj != unarj! Debian is a stupid dist and it packages ''arj'' as ''unarj''!

Real unarj 2.*, incl. 2.65 (the latest), are vulnerable!

doubles



