[VIM] Webmin traversal - changelog

George A. Theall theall at tenablesecurity.com
Fri Jun 30 16:57:16 EDT 2006


security curmudgeon wrote:

> Multiple guess!
> 
> a) Not properly fixed the first time
> b) Originally thought to be Windows only, then discovered works on Unix
> c) Completely seperate issues/scripts

The issue with 1.270 involves a failure to sanitize '\' characters in
simplify_path(), while that in 1.280 occurs because simplify_path() is
called before HTML entities are decoded. Sample exploit available on
request.

George
-- 
theall at tenablesecurity.com


More information about the VIM mailing list