Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Tue Apr 17 2001 - 12:51:44 CDT
> Sorry for not clarifying. This is another vulnerability. The patch made
> DOES NOT fix this vulnerability.
> The CGISecurity hole only allowed read, not execute, and the patch did not
> affect the az field.
The following information is correct. The hole we found effected the forum= field.
It only allowed remote file viewing and also had a nasty Denial of service effect
which caused a rm -rf effect to whatever dir the script itself was stored.
(Hopefully that part doesn't effect this new bug)