| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <57800094-4B3F-4BE6-B772-4608F6C7B1A9@ddifrontline.com> Date: Wed, 6 Mar 2013 15:03:56 -0600 From: ddivulnalert <ddivulnalert@...frontline.com> To: <full-disclosure@...ts.grok.org.uk> Subject: DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion Title ----- DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion Severity -------- High Date Discovered --------------- February 14, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: 0x00string, Ryan Oliver and r@...$ Vulnerability Description ------------------------- The DALIM Dialog Server contains a local file inclusion vulnerability within the 'logfile' file viewing component. An authenticated remote attacker can use this weakness to view arbitrary files from the DALIM Dialog Server's root file system. Solution Description -------------------- DALIM has provided a software update which addresses this issue in the form of DiALOG_Server-6.0.0.0-113. The update is available from DALIM. Tested Systems / Software ------------------------- Apple Mac OS X running DALIM Dialog server 6.0 Vendor Contact -------------- Vendor Name: Dalim Software GmbH Vendor Website: http://www.dalim.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists