Re: qDefense Advisory: DCForum allows remote read/write/execute

From: Wolfgang Wiese (wolfgang.wieseat_private-ERLANGEN.DE)
Date: Tue Apr 17 2001 - 02:07:15 PDT

Next message: Vittal Aithal: "Re: Double clicking on innocent looking files may be dangerous"

Previous message: Robert Varga: "Re: Solaris ipcs vulnerability"
In reply to: Franklin DeMatto: "qDefense Advisory: DCForum allows remote read/write/execute"
Next in thread: Franklin DeMatto: "Re: qDefense Advisory: DCForum allows remote read/write/execute"
Reply: Franklin DeMatto: "Re: qDefense Advisory: DCForum allows remote read/write/execute"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> Version Tested: DCForum 2000 1.0
> Severity: Any remote attacker may gain read/write/execute privilleges


Isn't that the same security-leak CGISecurity (http://www.CGISecurity.com/)
reportet Nov 2000 about?

Moreover the current version of DCForum is 6.1. The security-leak was
affecting versions 1.0 - 6.0 and was patched by DCScripts on
March, 31. (http://www.dcscripts.com/FAQ/sec_2001_03_31.html)

Ciao,
  Wolfgang


--
______________________________________________________________________
  Dipl. Inf. Wolfgang Wiese                   XWolf CGI & Webworking
  xwolfat_private                               http://www.xwolf.com
______________________________________________________________________
            PGP-key: http://www.xwolf.com/public-key.txt

Next message: Vittal Aithal: "Re: Double clicking on innocent looking files may be dangerous"
Previous message: Robert Varga: "Re: Solaris ipcs vulnerability"
In reply to: Franklin DeMatto: "qDefense Advisory: DCForum allows remote read/write/execute"
Next in thread: Franklin DeMatto: "Re: qDefense Advisory: DCForum allows remote read/write/execute"
Reply: Franklin DeMatto: "Re: qDefense Advisory: DCForum allows remote read/write/execute"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 09:19:26 PDT