So I'm sure this passed over your inboxes in some form or another.... http://www.securiteam.com/unixfocus/6L00L008KE.html
Just a standard directory traversal attack in an open source, fixed rapidly like any good open source project. Except that nobody really looked too hard at the software. Try going to http://victim.com/bytehoard/files.inc.php and you'll find the root directory of the host machine revealed to you. You can traverse the tree, but downloading doesn't appear to work. Kind of an embarrassing bug to have in your software.

Just an FYI

Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html