[Gnump3d-users] Security: HUGE security hole

gnump3d-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnump3d-users] Security: HUGE security hole

From:	Boris Kurktchiev
Subject:	[Gnump3d-users] Security: HUGE security hole
Date:	Tue, 20 Jul 2004 16:11:28 -0400
User-agent:	KMail/1.6.2

Ok didn't expect this but I just finished running a nessus scan on my machine 
and it came back with one of the most infamous holes ever in gnump3d if you 
do: http://localhost:8888../../../../../../etc/passwd it displays the 
file.... thats BAD. The report also said that the server is vulnerable to jsp 
scrip execution like this:
http://localhost:8888/<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp
but I couldn't get this to work. PLEASE fix the first hole though.

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnump3d-users] Security: HUGE security hole, Boris Kurktchiev <=
- Re: [Gnump3d-users] Security: HUGE security hole, Steve Kemp, 2004/07/20
- Re: [Gnump3d-users] Security: HUGE security hole, Kevin Reilly, 2004/07/23

Prev by Date: [Gnump3d-users] Windows Specific Configuration Settings
Next by Date: Re: [Gnump3d-users] Security: HUGE security hole
Previous by thread: [Gnump3d-users] Windows Specific Configuration Settings
Next by thread: Re: [Gnump3d-users] Security: HUGE security hole
Index(es):
- Date
- Thread