Bugtraq mailing list archives
Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 5 Sep 1997 16:03:11 -0500
---------- Forwarded message ----------
Date: Fri, 5 Sep 1997 12:43:14 -0700
From: M. Bracewell <markb () ORA COM>
To: NTBUGTRAQ () NTADVICE COM
Subject: Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
O'Reilly's webserver 'website' contains a demo package that contains the cgi-program uploader.exe. The program uploader.exe doesn't check anything at all.....
This hole did exist prior to the July 1996 revision of uploader.bas, when I added a security fix. The fix has been available since that time at
http://software.ora.com/techsupport/software/updates.html
The revised uploader was also included in WebSite 1.1g
--
Mark Bracewell markb () oreilly com
RFC 793 2.10. - Robustness Principle: TCP implementations will follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others.