lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <005801cc43d0$a09c2cf0$9b7a6fd5@ml> Date: Sat, 16 Jul 2011 18:53:10 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk> Subject: Code Execution vulnerabilities in TinyBrowser Hello list! I want to warn you about Code Execution vulnerabilities in TinyBrowser - file manager for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyBrowser v1.42 and previous versions (and all web applications which are using it, such as TinyMCE). Developer fixed these holes in the next version 1.43 already in February, after my informing, but this version still was not released. So contact developer for new version. ---------- Details: ---------- Code Execution (WASC-31): Execution of arbitrary code is possible due to bypass of program's security filters (on web servers IIS and Apache). Code will execute via file uploading. Program is vulnerable to three methods of code execution: 1. Via using of symbol ";" (1.asp;.txt) in file name (IIS). 2. Via "1.asp" in folder name (IIS). 3. Via double extension (1.php.txt) (Apache with special configuration). ------------ Timeline: ------------ 2011.02.11 - announced at my site. 2011.02.14 - informed developer. 2011.02.17 - developer answered, that he has just fixed them in the next version 1.43. 2011.07.14 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4922/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists