-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there.

Guys, your cgi scripts allow directory traversing and file disclosure.
See for yourself:

wget -O - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=../../../../../../etc/hosts%00"

Although only the first line of the file is returned, it is still a serious issue.
I'm going to play with it until you fix it. I promise not to do anything harmful. :)

Thanks,
Max.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9yVaZ8mCpXsrcXpwRAivkAJoDgoTgwoOgwZDo6mwVzoClO2F+KQCeILuF
cd8zpOSHgqbIaz3bqUEBObg=
=Xec5
-----END PGP SIGNATURE-----
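
A defensive sketch of the parameter handling this report calls for, as an added example that is not part of the original message or the bug tracker's own code. The spool directory, the `.log` suffix, the placeholder host and the names `naive_path` and `safe_path` are assumptions; the query string is the one quoted in the report.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical spool location and suffix: the report does not say how the
# CGI script maps the "bug" parameter to a file on disk.
SPOOL_DIR = "/var/lib/bts/spool"
SUFFIX = ".log"

# Constructed sample: placeholder host, query string as quoted in the report.
SAMPLE_URL = ("http://bts.example/cgi-bin/bugreport.cgi"
              "?bug=../../../../../../etc/hosts%00")

# ASCII digits only; \d would also accept non-ASCII digit characters.
BUG_ID = re.compile(r"[0-9]{1,9}")


def naive_path(url):
    """Weak pattern: the decoded parameter is pasted straight into a path.

    The decoded %00 is a NUL byte. A runtime that hands this string to a
    C file API stops reading at the NUL, so the appended suffix is lost.
    """
    bug = parse_qs(urlsplit(url).query)["bug"][0]
    return os.path.normpath(os.path.join(SPOOL_DIR, bug + SUFFIX))


def safe_path(url):
    """Return the spool path for a numeric bug id, or None if rejected."""
    values = parse_qs(urlsplit(url).query).get("bug", [])
    if len(values) != 1:          # missing or repeated parameter
        return None
    bug = values[0]
    # Allow-list instead of deny-list: "../", "/", NUL and newlines all
    # fail this check without being enumerated.
    if not BUG_ID.fullmatch(bug):
        return None
    root = os.path.realpath(SPOOL_DIR)
    path = os.path.realpath(os.path.join(root, bug + SUFFIX))
    # Defence in depth: the resolved path must stay inside the spool.
    if os.path.commonpath([root, path]) != root:
        return None
    return path


if __name__ == "__main__":
    print(repr(naive_path(SAMPLE_URL)))   # path escapes the spool directory
    print(safe_path(SAMPLE_URL))          # rejected
```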