|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: CGI-Bug: News Update 1.1 administration password bug
From: Morpheus[bd] (morpheusbd
GMX.NET)Date: Fri Oct 27 2000 - 10:10:54 CDT
- Next message: Slawek: "Re: Windows (me) printer sharing vulnerability"
- Previous message: Fyodor: "Re: Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
there is a vulnerability in News Update 1.1 ((c) by CGIScriptCenter) which
allows malicious user to change the news administration password without
knowing the correct (former)password. For further information take a look at
the attached package, including an advisory and a proof-of-concept exploit.
Ciao,
Morpheus[bd]
www: www.brightdarkness.de
mailto: morpheusbdgmx.net
- application/x-gzip attachment: newsexp.tar.gz
- Next message: Slawek: "Re: Windows (me) printer sharing vulnerability"
- Previous message: Fyodor: "Re: Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]