
Researcher discloses zero-day vulnerability in FireEye - wglb
http://www.csoonline.com/article/2980937/vulnerabilities/researcher-discloses-zero-day-vulnerability-in-fireeye.html
======
ddddddddq
Here's the exploit posting that they refer to in the first paragraph:
[https://www.exploit-db.com/exploits/38090/](https://www.exploit-
db.com/exploits/38090/)

~~~
jessaustin

        ...&name=../../../../../../../../../../../etc/passwd...
    

There's nothing like the old classics...

------
tptacek
One reason these vulnerabilities are so common is that the admin interfaces of
appliances like FireEye's aren't normally exposed on the Internet.

~~~
wglb
Ah, but there is no perimeter!

------
qCOVET
A cyber security company that does this

"the box has Apache, pushing PHP, running as root."

is not a cyber security company .. lol

