Google Mail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
Scottish ColdFusion User Group
Home
+ new post
Pages
Files
About this group
Join this group
Message from discussion file upload vulnerability in CF801
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Follow-up To:
Add Cc | Add Follow-up to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers that you hear
 
Gareth Cole  
View profile   Translate to Translated (View Original)
 More options 3 July, 15:41
From: "Gareth Cole" <gareth.c...@esus.ie>
Date: Fri, 3 Jul 2009 15:41:28 +0100
Local: Fri 3 July 2009 15:41
Subject: file upload vulnerability in CF801
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author

Hi Folks,

Just in case you haven't seen this yet, there's a security vulnerability in
the CF801 updater:

http://www.theregister.co.uk/2009/07/03/coldfusion_compromise/

Some genius at adobe decided to enable file uploads by default in the
embedded fckeditor. Unfortunately, this allows hackers to upload any files
they want on to your system, and take control of your server.

The link has full details and remedy.


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message, you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google