Date: 15 Aug 2005 16:52:54 -0000
From: wiley14@...il.com
To: bugtraq@...urityfocus.com
Subject: Vulnerability found in CPAINT Ajax Toolkit


I am the original author of the CPAINT Ajax Toolkit (http://cpaint.sourceforge.net/).  Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP (which is the patched version of the software) that can allow a user with malicious intent to execute server or ASP/PHP commands that would allow them to easily access data on the server.

We have removed prior versions of the software from our SourceForge Project website and highly recommend that all users upgrade to v1.3-SP which can be downloaded at http://sourceforge.net/project/showfiles.php?group_id=141041&package_id=154713&release_id=349396

This problem will also affect any software packages and/or websites that utilize the CPAINT toolkit.  We also suspect this problem affects other AJAX toolkits (as they are all very similar in the way they execute functions on the backend) and urge other AJAX toolkit authors and users to test for any security problems as well.

