From: Boris Kurktchiev
Subject: [Gnump3d-users] Security: HUGE security hole
Date: Tue, 20 Jul 2004 16:11:28 -0400
User-agent: KMail/1.6.2

OK, I didn't expect this, but I just finished running a Nessus scan on my machine and it came back with one of the most infamous holes ever in gnump3d. If you do:

http://localhost:8888../../../../../../etc/passwd

it displays the file... that's BAD. The report also said that the server is vulnerable to JSP script execution like this:

http://localhost:8888/<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp

but I couldn't get this to work. PLEASE fix the first hole though.
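A server-side check that closes both findings in the report above, as an added example that is not part of the original message and is not gnump3d's code (gnump3d itself is written in Perl). The function names, the sample file name and the request targets are assumptions constructed from the two URLs in the post; POSIX path semantics are assumed.

```python
import html
import os
import tempfile
from urllib.parse import unquote


def resolve_request(root, raw_target):
    """Return the real path of a file under root, or None if the request must be refused."""
    # Drop the query string, then percent-decode exactly once.
    path = unquote(raw_target.split("?", 1)[0])
    if "\x00" in path:
        return None
    root_real = os.path.realpath(root)
    # Join relative to the root, then canonicalise: this collapses ".."
    # segments and follows symlinks before the containment check runs.
    candidate = os.path.realpath(os.path.join(root_real, path.lstrip("/")))
    try:
        # commonpath compares whole components, so /srv/music-old does not
        # pass for a root of /srv/music the way a startswith() test would.
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:
        inside = False
    if not inside or not os.path.isfile(candidate):
        return None
    return candidate


def not_found_page(raw_target):
    """Build an error page that reflects the requested path as text, never as markup."""
    shown = html.escape(unquote(raw_target), quote=True)
    return "<html><body><h1>404</h1><p>Not found: %s</p></body></html>" % shown


def demo():
    # Constructed request targets modelled on the two URLs in the report.
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "song.mp3"), "wb").close()
        targets = ["/song.mp3",
                   "/../../../../../../etc/passwd",
                   "/%2e%2e/%2e%2e/etc/passwd"]
        served = {t: resolve_request(root, t) is not None for t in targets}
    page = not_found_page("/<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp")
    return served, page


if __name__ == "__main__":
    print(demo())
```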