[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-id: <986e0489-3103-4a59-9199-97f27ae279ab@me.com>
Date: Fri, 30 Aug 2013 13:16:47 +0000 (GMT)
From: "Larry W. Cashdollar" <larry0@...com>
To: oss-security@...ts.openwall.com
Subject: YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary
upload
Hi,
During further investigation of the Python programming language by XiaoWen for ipad/iphone I discovered a new Lua / Perl / Ruby programming application in the apple application store all written by XiaoWen Huang that suffers from the http file upload vulnerabilities. It appears the ../ has been fixed for these other applications.
Download Locations:
https://itunes.apple.com/us/app/perl-programming-language/id578116006?mt=8&ls=1
https://itunes.apple.com/us/app/ruby-programming-language/id581732143?mt=8&ls=1
https://itunes.apple.com/us/app/lua-programming-language/id505972017?mt=8&ls=1
-- Larry
Content of type "text/html" skipped
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
