From: admincgisecurity.com
Date: Tue Apr 17 2001 - 12:51:44 CDT

    >
    > Sorry for not clarifying. This is another vulnerability. The patch made
    > DOES NOT fix this vulnerability.
    > The CGISecurity hole only allowed read, not execute, and the patch did not
    > affect the az field.

    The following information is correct. The hole we found affected the forum= field.
    It only allowed remote file viewing and also had a nasty denial-of-service effect
    which caused an rm -rf effect on whatever dir the script itself was stored in.
    (Hopefully that part doesn't affect this new bug)

    - zenomorph