Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)

doubles_at_hush.com
Date: 10/12/04

  • Next message: Vincent Archer: "Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal."
    To: evilninja <evilninja@gmx.net>
    Date: Tue, 12 Oct 2004 00:57:50 -0700
    
    

    On Mon, 11 Oct 2004 16:29:40 -0700 evilninja <evilninja@gmx.net> wrote:
    >evil@sheep:~$ unarj x test.arj
    >ARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia. [27
    >Jun 2004]

    arj != unarj! debian is stubido dist nd it pakage ''arj'' as ''unarj''!

    real unarj 2.* inkl 2.65 latest are vunerabble!

    doubles

    Concerned about your privacy? Follow this link to get
    secure FREE email: http://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger
    http://www.hushmail.com/services-messenger?l=434

    Promote security and make money with the Hushmail Affiliate Program:
    http://www.hushmail.com/about-affiliate?l=427

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Vincent Archer: "Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal."