[20268] in bugtraq
Re: qDefense Advisory: DCForum allows remote read/write/execute
daemon@ATHENA.MIT.EDU (Wolfgang Wiese)
Tue Apr 17 14:39:08 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20010417110715.A16639@eliza.rrze.uni-erlangen.de>
Date: Tue, 17 Apr 2001 11:07:15 +0200
Reply-To: Wolfgang Wiese <wolfgang.wiese@RRZE.UNI-ERLANGEN.DE>
From: Wolfgang Wiese <wolfgang.wiese@RRZE.UNI-ERLANGEN.DE>
X-To: Franklin DeMatto <franklin@QDEFENSE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.3.2.7.2.20010416212844.00b16620@compumodel.com>; from
franklin@QDEFENSE.COM on Mon, Apr 16, 2001 at 09:30:24PM -0400
Hi,
> Version Tested: DCForum 2000 1.0
> Severity: Any remote attacker may gain read/write/execute privileges
Isn't that the same security-leak CGISecurity (http://www.CGISecurity.com/)
reported about in Nov 2000?
Moreover the current version of DCForum is 6.1. The security-leak was
affecting versions 1.0 - 6.0 and was patched by DCScripts on
March 31. (http://www.dcscripts.com/FAQ/sec_2001_03_31.html)
Ciao,
Wolfgang
--
______________________________________________________________________
Dipl. Inf. Wolfgang Wiese XWolf CGI & Webworking
xwolf@xwolf.com http://www.xwolf.com
______________________________________________________________________
PGP-key: http://www.xwolf.com/public-key.txt