[FD] Back To The Future: Unix Wildcards Gone Wild

2014-06-26 Thread defensecode
Hi, We wanted to inform all major *nix distributions via our responsible disclosure policy about this problem before posting it, because it is highly likely that this problem could lead to local root access on many distributions. But, since part of this research contained in the document was menti

[FD] Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities

2014-06-26 Thread Onur Alanbel
Document Title: Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities
Release Date: June 21, 2014
Product & Service Introduction: Mailspect is the email security and archiving brand of RAE Internet Inc., Tarrytown, New York. The Mailsp

[FD] CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)

2014-06-26 Thread dxw Security
Details Software: Simple Share Buttons Adder Version: 4.4 Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/ Advisory report: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC

[FD] [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

2014-06-26 Thread RedTeam Pentesting GmbH
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's docu

Re: [FD] Back To The Future: Unix Wildcards Gone Wild

2014-06-26 Thread Michal Zalewski
> We wanted to inform all major *nix distributions via our responsible
> disclosure policy about this problem before posting it

I'm not sure how to put it mildly, but I think you might have been scooped on this some 1-2 decades ago... Off the top of my head, there's a rant about this behavior in