Full Disclosure mailing list archives

Dokeos - Multiple Vulnerabilities


From: Sieg Fried <siegfri3d () gmail com>
Date: Thu, 16 Jun 2005 12:25:23 +0200

2 months ago we published an advisory about the Claroline application:
http://www.zone-h.org/advisories/read/id=7472

Dokeos (www.dokeos.com) 1.5.5 has the same vulnerabilities as
Claroline because it was based on it, but not all of them:
there are 3 file inclusion vulnerabilities, and some of the directory
traversal, SQL injection and XSS vulnerabilities that we reported in
Claroline (didn't check more).
Previous versions are probably also affected.
We mailed the Dokeos staff (www.dokeos.com) on the same day (22/04).
The vendor has now confirmed that all the vulnerabilities are fixed in
version 1.6 RC2 which is available here:
http://www.dokeos.com/download.php