Full Disclosure mailing list archives
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
From: ddivulnalert <ddivulnalert () ddifrontline com>
Date: Wed, 6 Mar 2013 15:03:56 -0600
Title
-----
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion

Severity
--------
High

Date Discovered
---------------
February 14, 2013

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: 0x00string, Ryan Oliver and r@b13$

Vulnerability Description
-------------------------
The DALIM Dialog Server contains a local file inclusion vulnerability
within the 'logfile' file viewing component. An authenticated remote
attacker can use this weakness to view arbitrary files from the DALIM
Dialog Server's root file system.

Solution Description
--------------------
DALIM has provided a software update which addresses this issue in the
form of DiALOG_Server-6.0.0.0-113. The update is available from DALIM.

Tested Systems / Software
-------------------------
Apple Mac OS X running DALIM Dialog server 6.0

Vendor Contact
--------------
Vendor Name: Dalim Software GmbH
Vendor Website: http://www.dalim.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
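
The advisory does not describe how the 'logfile' component builds its file path, so the following is an added example, not code from DALIM or Digital Defense: one way a log viewer can confine a user-supplied log name to its log directory. The function names, directory layout and sample values are assumptions constructed for illustration.

```python
import os
import tempfile

class LogAccessDenied(Exception):
    """Raised when a requested log name resolves outside the log directory."""

def resolve_log_path(log_dir: str, requested: str) -> str:
    """Map a user-supplied 'logfile' value to a file inside log_dir, or raise."""
    if not requested or "\x00" in requested:
        raise LogAccessDenied("empty name or NUL byte")
    base = os.path.realpath(log_dir)
    # realpath collapses '..' and follows symlinks, so the containment check
    # sees the file that would actually be opened. An absolute 'requested'
    # value replaces base in os.path.join and fails the same check.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise LogAccessDenied(f"{requested!r} is outside the log directory")
    if not os.path.isfile(candidate):
        raise LogAccessDenied(f"{requested!r} is not a regular file")
    return candidate

def demo() -> dict:
    """Run constructed 'logfile' values through the check; return verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        log_dir = os.path.join(root, "logs")   # hypothetical layout
        secret = os.path.join(root, "secret.conf")
        os.mkdir(log_dir)
        for path in (os.path.join(log_dir, "server.log"), secret):
            with open(path, "w") as fh:
                fh.write("constructed sample content\n")
        # A symlink inside the log directory that points outside it.
        os.symlink(secret, os.path.join(log_dir, "link.log"))
        cases = {
            "plain name": "server.log",
            "parent traversal": "../secret.conf",
            "absolute path": secret,
            "symlink escape": "link.log",
        }
        for label, value in cases.items():
            try:
                resolve_log_path(log_dir, value)
                results[label] = "allowed"
            except LogAccessDenied:
                results[label] = "denied"
    return results

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{verdict:8} {label}")
```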