[20316] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: qDefense Advisory: DCForum allows remote read/write/execute

daemon@ATHENA.MIT.EDU (MegaZone)
Thu Apr 19 14:24:13 2001

Message-ID:  <20010418204049.3276.qmail@securityfocus.com>
Date:         Wed, 18 Apr 2001 20:40:49 -0000
Reply-To: megazone@MEGAZONE.ORG
From: MegaZone <megazone@MEGAZONE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM

> Solution:
> 
> Patch dcboard.cgi to remove double dots and
poison nulls
> 
> Disable uploading

Note that DCScripts released a security patch on
3/31/2001 designed to address these issues:

http://www.dcscripts.com/FAQ/sec_2001_03_31.html

-MZ


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20316] in bugtraq

Re: qDefense Advisory: DCForum allows remote read/write/execute

daemon@ATHENA.MIT.EDU (MegaZone)Thu Apr 19 14:24:13 2001

daemon@ATHENA.MIT.EDU (MegaZone)
Thu Apr 19 14:24:13 2001