[FD] Back To The Future: Unix Wildcards Gone Wild

2014-06-26 Thread defensecode
Hi, We wanted to inform all major *nix distributions via our responsible disclosure policy about this problem before posting it, because it is highly likely that this problem could lead to local root access on many distributions. But, since part of this research contained in the document was

[FD] Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities

2014-06-26 Thread Onur Alanbel
Document Title: Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities Release Date: June 21, 2014 Product Service Introduction: Mailspect is the email security and archiving brand of RAE Internet Inc., Tarrytown, New York. The

[FD] [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

2014-06-26 Thread RedTeam Pentesting GmbH
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's