[VIM] [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion] (fwd)
rkeith at securityfocus.com
rkeith at securityfocus.com
Mon Jan 29 12:27:46 EST 2007
This report came up on the weekend and had some conflicting data. The version
was wrong for the software specified, and the scipt didnt exist. This new
report points to the correct software. However, the report is still bogus
as a configruation file (globals.php) called at the beginning of the
script clearly defines the specified vulnerable parameter.
--
Rob Keith
Symantec
----- Forwarded message from Michał Melewski <mike at carstein.kill-9.pl> -----
From: =?UTF-8?Q?Micha=C5=82?= Melewski <mike at carstein.kill-9.pl>
Subject: Re: Open Conference Systems = 2.8.2 Remote File Inclusion
To: trzindan at hotmail.com
Cc: bugtraq at securityfocus.com
Date: Sat, 27 Jan 2007 21:55:56 +0100
X-Mailer: Evolution 2.8.2.1
Message-Id: <1169931357.8362.3.camel at localhost>
Dnia 27-01-2007, sob o godzinie 12:52 +0000, trzindan at hotmail.com
napisał(a):
> #########################################################################
> # Open Conference Systems <= 2.8.2 Remote File Inclusion
> # Download Source : http://pkp.sfu.ca/ocs/download/ocs-1.1.3.tar.gz
> #
> # Found By : Tr_ZiNDaN
> # Location : TurkeY -- #trzindan at hotmail.fr
> ########################################################################
This bug has nothing to do with Open Conference System. This is a bug in
OpenEMR (http://http://www.oemr.org/)
--
Michael "carstein" Melewski | "We have no future bacause our present
carstein()7thguard.net | is too volatile. We have only risk
mobile: 512 357 303 | management. The spinning of the given
JID: carstein()gentoo.pl | moment's scenarios. Pattern recognition.
--- end forwarded message ---
More information about the VIM
mailing list