Re: qDefense Advisory: DCForum allows remote read/write/execute

From: MegaZone (megazoneat_private)
Date: Wed Apr 18 2001 - 13:40:49 PDT

Next message: Carson Gaspar: "Re: PIX Firewall 5.1 DoS Vulnerability"

Previous message: Peter van Dijk: "Re: OpenBSD 2.8 ftpd/glob exploit (breaks chroot)"
Maybe in reply to: Franklin DeMatto: "qDefense Advisory: DCForum allows remote read/write/execute"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Solution:
> 
> Patch dcboard.cgi to remove double dots and
poison nulls
> 
> Disable uploading

Note that DCScripts released a security patch on
3/31/2001 designed to address these issues:

http://www.dcscripts.com/FAQ/sec_2001_03_31.html

-MZ

Next message: Carson Gaspar: "Re: PIX Firewall 5.1 DoS Vulnerability"
Previous message: Peter van Dijk: "Re: OpenBSD 2.8 ftpd/glob exploit (breaks chroot)"
Maybe in reply to: Franklin DeMatto: "qDefense Advisory: DCForum allows remote read/write/execute"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 11:23:17 PDT