[VIM] Webmin traversal - changelog
George A. Theall
theall at tenablesecurity.com
Fri Jun 30 16:57:16 EDT 2006
security curmudgeon wrote:
> Multiple guess!
>
> a) Not properly fixed the first time
> b) Originally thought to be Windows only, then discovered works on Unix
> c) Completely seperate issues/scripts
The issue with 1.270 involves a failure to sanitize '\' characters in
simplify_path(), while that in 1.280 occurs because simplify_path() is
called before HTML entities are decoded. Sample exploit available on
request.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list