OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: CGI-Bug: News Update 1.1 administration password bug
From: Morpheus[bd] (morpheusbdGMX.NET)
Date: Fri Oct 27 2000 - 10:10:54 CDT


Hi,

there is a vulnerability in News Update 1.1 ((c) by CGIScriptCenter) which
allows malicious user to change the news administration password without
knowing the correct (former)password. For further information take a look at
the attached package, including an advisory and a proof-of-concept exploit.

Ciao,
Morpheus[bd]
www: www.brightdarkness.de
mailto: morpheusbdgmx.net