Full Disclosure mailing list archives
Serious holes affecting JFFNMS
From: Tim Brown <timb () nth-dimension org uk>
Date: Sun, 10 Jun 2007 20:53:41 +0100
As a result of a short security audit of JFFNMS, a number of security holes were found, even from the perspective of a non-authenticated user. The holes included authentication bypass via SQL injection, JavaScript injection and a serious case of information disclosure. After liaising with the developers, the holes have been resolved. Attached are the advisory and patch relating to these flaws.

Tim
--
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>
Attachment: jffnms-0.8.3-security-v2.patch
Attachment: NDSA20070524.txt.asc
Attachment: signature.asc
Description: This is a digitally signed message part.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/