← back
CVE-2011-0063

CVE-2011-0063

EPSS 85.5%
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/16103unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=631307http://secunia.com/advisories/43631http://securityreason.com/securityalert/8133https://exchange.xforce.ibmcloud.com/vulnerabilities/66011http://sotiriu.de/adv/NSOADV-2011-003.txthttp://www.securityfocus.com/archive/1/516923/100/0/threaded