Date: Tue Jul 02 2002 - 04:07:23 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Noguska Nola 1.1.1 [ Intranet Business Management Software ]
.: Software Description :.
- - copied from their site -
Redefining the scope of Enterprise Software
The NOLA web based software package allows your business to effortlessly reach further than previously thought possible. NOLA provides your company's accounting, inventory, point of sale, contact management, billing, purchasing, and reporting all in one integrated package. NOLA takes e-commerce to the next step, allowing for real time inventory quantity updates. Users are able to do ANYTHING from ANYWHERE.
Rock solid stability
The NOLA system is built around a secure, open platform. NOLA ships with the Apache Web Server, the most widely used web server in the world. Apache is used to serve more web sites than every other web server combined [1]. Also supplied is the MySQL database engine, a lightning fast SQL server designed for large amounts of data. MySQL is also used by NASA and Yahoo!.
[1] According to the Netcraft Feb 2001 Survey.
- -- snip --
Risks: Very High
.: Bug Description :.
It is possible to upload PHP code under certain file extensions, such as .php4, .phtml, .html, etc., through every upload field in the application.
Vendor did not think of verifying user input.
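One way to add the missing server-side check, as an added example that is not code from NOLA or from this advisory: the extension allow-list, the function name and the sample file names below are assumptions constructed for illustration.

```php
<?php
// Added example (not NOLA code). ALLOWED_EXT and safe_upload_name() are
// hypothetical names; adjust the list to what the application really needs.
const ALLOWED_EXT = ['jpg', 'png', 'gif', 'pdf', 'csv'];

/**
 * Return a server-generated name for an upload, or null to reject it.
 * Only the final extension is kept and it must be on the allow-list, so
 * .php4, .phtml, .html and anything else not listed is refused.
 */
function safe_upload_name(string $clientName): ?string
{
    // Reject empty names and control characters, including NUL bytes.
    if ($clientName === '' || preg_match('/[\x00-\x1f]/', $clientName)) {
        return null;
    }
    // Drop any directory part (both separator styles), then trailing dots
    // and spaces, which some file systems strip silently.
    $base = basename(str_replace('\\', '/', $clientName));
    $base = rtrim($base, '. ');
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // The client never chooses the name on disk, so inner extensions such
    // as "x.php.jpg" do not survive into the stored file name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the extensions named in the advisory.
$samples = [
    'invoice.pdf', 'logo.PNG', 'upload.php4', 'page.phtml', 'index.html',
    'x.php.jpg', 'page.PHTML.', "a.php\0.jpg", '.htaccess', 'notes',
];
foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    printf("%-20s %s\n", json_encode($name),
        $stored === null ? 'REJECT' : "store as $stored");
}
```

Keeping the upload directory outside the web root, or disabling script handlers for it in the web server configuration, covers the case where a file with an unexpected extension still reaches the disk.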
.: Imagination :.
An attacker can also upload C code and compile it, using PHP as his command-line interpreter. I leave the rest to a malicious imagination.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
-----END PGP SIGNATURE-----