search for: 252e

I just found a vulnerability in one of my web apps that was running Mongrel 1.1.2 where I could go to URIs like /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd and it would serve the actual /etc/passwd file. The issue seems to be in lib/mongrel/handlers.rb in the change from 1.0.3 to 1.0.4 req_path = HttpRequest.unescape(path_info) - if @path - req_path = File.expand_path(File.join...

* Apologies for starting a new thread; I just subscribed. Has anyone been able to make this exploit happen if requests are being proxied to Mongrel through Apache? I''ve been trying variations on the double-encoding thing and can''t trigger the exploit through Apache. Hitting Mongrel directly does expose the problem. I''ll still upgrade my servers, of course, but I

...ypervisor command is returning -1, with errno set to 1 (EPERM) : libxl: debug: libxl_create.c:1174:do_domain_create: ao 0x622890: create: how=(nil) callback=(nil) poller=0x622920 Breakpoint 2, xc_domain_create (xch=0x622240, ssidref=0, handle=handle@entry=0x7fffffffe1b0 "\316\260\203\242\376\252E\260\257\342;\324N\264\330\303\031", flags=flags@entry=0, pdomid=pdomid@entry=0x7fffffffe28c) at xc_domain.c:33 33 { (gdb) n 37 domctl.cmd = XEN_DOMCTL_createdomain; (gdb) 38 domctl.domain = (domid_t)*pdomid; (gdb) 39 domctl.u.createdomain.ssidref = ssidref;...

Hi all. I am attempting to setup Asterisk to allow me to press *1 while in a call to use automon to record the call but have had absolutely no success. Is there a trick to this? In extensions.conf [globals] DYNAMIC_FEATURES=>automon [default] exten => 123,2,Dial(SIP/3000,,wW) ; wW allow one-touch recording During the call, I press *1 but it records nothing. David Morrow

Hey Richard, Could you share the following informations please? 1. gluster volume info <volname> 2. getfattr output of that file from all the bricks getfattr -d -e hex -m . <brickpath/filepath> 3. glustershd & glfsheal logs Regards, Karthik On Thu, Oct 26, 2017 at 10:21 AM, Amar Tumballi <atumball at redhat.com> wrote: > On a side note, try recently released health

On a side note, try recently released health report tool, and see if it does diagnose any issues in setup. Currently you may have to run it in all the three machines. On 26-Oct-2017 6:50 AM, "Amar Tumballi" <atumball at redhat.com> wrote: > Thanks for this report. This week many of the developers are at Gluster > Summit in Prague, will be checking this and respond next

...CD82E47A27ACBBB06F2E117D21FF (27f90a22-d06c-4e9c-b96b-86a41e9029da) on home-client-2 [2017-10-25 10:14:22.872582] W [MSGID: 108015] [afr-self-heal-entry.c:56:afr_selfheal_entry_delete] 0-home-replicate-0: expunging file a3f5a769-8859-48e3-96ca-60a988eb9358/791D360F96A16001B1EDA07DA80727182A5D96B9 (2252e0fe-590d-43d8-b3cb-06798d61d562) on home-client-2 [2017-10-25 10:14:22.892376] W [MSGID: 108015] [afr-self-heal-entry.c:56:afr_selfheal_entry_delete] 0-home-replicate-0: expunging file a3f5a769-8859-48e3-96ca-60a988eb9358/FEAB98CF6BC9033AEC03AC9AAEA175451CE70393 (2d92eb4e-a6f4-4049-9e24-6e730484674c...