Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)

doubles_at_hush.com
Date: 10/12/04

  • Next message: Vincent Archer: "Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal."
    To: evilninja <evilninja@gmx.net>
    Date: Tue, 12 Oct 2004 00:57:50 -0700
    
    

    On Mon, 11 Oct 2004 16:29:40 -0700 evilninja <evilninja@gmx.net> wrote:
    >evil@sheep:~$ unarj x test.arj
    >ARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia. [27
    >Jun 2004]

    arj != unarj! debian is stubido dist nd it pakage ''arj'' as ''unarj''!

    real unarj 2.* inkl 2.65 latest are vunerabble!

    doubles

    Concerned about your privacy? Follow this link to get
    secure FREE email: http://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger
    http://www.hushmail.com/services-messenger?l=434

    Promote security and make money with the Hushmail Affiliate Program:
    http://www.hushmail.com/about-affiliate?l=427

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Vincent Archer: "Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal."

    Relevant Pages

    • Re: delving deeper
      ... intro for Network scanning. ... I've been looking at security and penetration-testing for some ... secure FREE email: http://www.hushmail.com/?l=2 ... ultra-private instant messaging with Hush Messenger ...
      (Pen-Test)
    • [Full-disclosure] (no subject)
      ... secure FREE email: http://www.hushmail.com/?l=2 ... ultra-private instant messaging with Hush Messenger ... Promote security and make money with the Hushmail Affiliate Program: ...
      (Full-Disclosure)
    • eEye Blink and other Endpoint IPS solutions.
      ... on system performance and how their effectiveness compares to NIPS. ... secure FREE email: http://www.hushmail.com/?l=2 ... ultra-private instant messaging with Hush Messenger ... CORE IMPACT. ...
      (Focus-IDS)
    • Re: [Full-Disclosure] The Hackers Manifesto Reloaded
      ... >not a declaration of war, it is a statement accompanying a point for ... Senior Security Consultant at iDEFENSE labs ... secure FREE email: http://www.hushmail.com/?l=2 ... ultra-private instant messaging with Hush Messenger ...
      (Full-Disclosure)
    • Re: wargame issue
      ... Regards, ... >I know that this application doesn't check input string, ... secure FREE email: http://www.hushmail.com/?l=2 ... ultra-private instant messaging with Hush Messenger ...
      (Security-Basics)