[Deskaheh-sysadmin] Dadaimc exploit
finn c.
finn at animal-liberation.org.nz
Tue Oct 19 01:01:15 PDT 2004
Hi,
It's likely that your version of Dadaimc has a security exploit, in
which someone can paste javascript into the publish form and execute
code. This is a serious exploit, so please act on this asap.
There's a recent thread on imc-tech:
http://lists.indymedia.org/pipermail/imc-tech/2004-October/1018-da.html
http://lists.indymedia.org/pipermail/imc-tech/2004-October/1019-az.html
It doesn't appear that this affects Dada 0.98.2, but check your site just
in case. A patch has been posted in the second email.
I'm happy to patch your site if you would like. Ski, I'll need sudo
access to do this.
seeya,
finn
--
pgp encrypted mail welcome -
keyid: CD564868 keyserver: keys.indymedia.org
E9E6 E3A3 4891 48D8 A95E 3F78 90D7 CA42 CD56 4868
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.indymedia.org/pipermail/deskaheh-sysadmin/attachments/20041019/525496ba/attachment.pgp
More information about the Deskaheh-sysadmin
mailing list