Full Disclosure mailing list archives
Dokeos - Multiple Vulnerabilities
From: Sieg Fried <siegfri3d () gmail com>
Date: Thu, 16 Jun 2005 12:25:23 +0200
2 months ago we published an advisory about the Claroline application:
http://www.zone-h.org/advisories/read/id=7472

Dokeos (www.dokeos.com) 1.5.5 has the same vulnerabilities as Claroline because it was based on it, but not all of them: there are 3 file inclusion vulnerabilities, and some of the directory traversal, SQL injection and XSS vulnerabilities that we reported in Claroline (didn't check more). Previous versions are probably also affected.

We mailed the Dokeos staff (www.dokeos.com) on the same day (22/04). The vendor now confirmed that all the vulnerabilities are fixed in version 1.6 RC2, which is available here:
http://www.dokeos.com/download.php