Bug#340094: CVE-2005-2781: Execution of arbitrary web code

2005-11-20 Thread Dave Hall
On Mon, 2005-11-21 at 07:59 +0100, Thomas Viehmann wrote:
> Moritz Muehlenhoff wrote:
> > phpgroupware-fudforum is vulnerable as well, see
> > http://www.mail-archive.com/phpgroupware-cvs@gnu.org/msg21210.html for a
> > fix.
> Yeah.
> Unfortunately, the fix hasn't been forwarded. Thanks for digging

Bug#340094: CVE-2005-2781: Execution of arbitrary web code

2005-11-20 Thread Thomas Viehmann
Moritz Muehlenhoff wrote:
> phpgroupware-fudforum is vulnerable as well, see
> http://www.mail-archive.com/phpgroupware-cvs@gnu.org/msg21210.html for a
> fix.

Yeah.
Unfortunately, the fix hasn't been forwarded. Thanks for digging it up.

Kind regards

T.
--
Thomas Viehmann, http://thomas.viehmann.

Bug#340094: CVE-2005-2781: Execution of arbitrary web code

2005-11-20 Thread Moritz Muehlenhoff
Package: phpgroupware-fudforum
Severity: grave
Tags: security
Justification: user security hole

phpgroupware embeds a shared/forked copy of "fudforum", which was vulnerable to:

| The Avatar upload feature in FUD Forum before 2.7.0 does not properly
| verify uploaded files, which allows remote att