Advisory: Directory Traversal in DevExpress ASP.NET File Manager
During a penetration test RedTeam Pentesting discovered a directory
traversal vulnerability in DevExpress' ASP.NET File Manager and File
Upload. Attackers are able to read arbitrary files by specifying a
The latest available version of Scrumworks Pro does not perform proper
authorization checks when users attempt to change passwords via the Java
Web Start client.
If you capture the request the web start client makes when changing the
'administrator' user's password, and substitute the JSESSIONID
Advisory: PHPBTTracker+ 2.2 SQL Injection
Disclosure by: BackBox Team i...@backbox.org
SQL Injection through User-Agent.
User-Agent is an HTTP header field provided by the application used by
Jose Carlos Luna Duran writes:
In my opinion the drop of privs in bash was mostly a help measure
for poorly written setuid programs executing system() calls. I don't
think it is the role of bash to do this ...
True, but it is a slight help and I'm in favour of keeping it.
Correct me if I'm
Sent through the Full Disclosure mailing list
2014-06-03 16:16 GMT+02:00 Hector Marco hecma...@upv.es:
Recently we discovered a bug in bash. Some time after reporting
it to the bash developers, it has not been fixed.
We think that this is a security issue because in some circumstances
the bash security feature could be