Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) (groups.google.com) 4 points by bensedat 11y ago ↗ HN
[–] ShaneWilton 11y ago ↗ Wow, this is trivial to exploit -- I recommend people apply the patches immediately. You can't leak file contents, but it's otherwise a fairly standard path traversal attack.
1 comment
[ 4.3 ms ] story [ 19.1 ms ] thread