[Sybase] software vendors do not think about old bugs

From: Domas Mituzas (midomat_private)
Date: Sat Sep 04 1999 - 05:37:01 PDT

Next message: Ryan Russell: "Re: Default configuration in WatchGuard Firewall"

Previous message: Oscar Haeger: "gftp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all,

recently I found, that Sybase PowerDynamo personal web server knows how to
handle ../../ queries. I could see the whole disk via web browser :-) This
was found on a rather new release (3.0.0.652) of PD personal web server,
that is included into Enterprise Aplication studio and together with
PowerDynamo in other boxes. This "feature" works both with static and
dynamic file sites (I didn't check database site).

Of course, as it is "personal" web server, such features may be left. But
as the same bugs were in MS and other servers, it is a thing we should
concern - why do software vendors not look at old bugs of other products,
so they could avoid theirs?

With respect,
Domas Mituzas

Next message: Ryan Russell: "Re: Default configuration in WatchGuard Firewall"
Previous message: Oscar Haeger: "gftp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:50 PDT