Bugtraq mailing list archives

Vulnerability found in CPAINT Ajax Toolkit


From: wiley14 () gmail com
Date: 15 Aug 2005 16:52:54 -0000

I am the original author of the CPAINT Ajax Toolkit (http://cpaint.sourceforge.net/).  Last night we found a 
vulnerability affecting all versions of CPAINT prior to v1.3-SP (which is the patched version of the software) that can 
allow a user with malicious intent to execute server or ASP/PHP commands that would allow them to easily access data on 
the server.

We have removed prior versions of the software from our SourceForge Project website and highly recommend that all users
upgrade to v1.3-SP, which can be downloaded at
http://sourceforge.net/project/showfiles.php?group_id=141041&package_id=154713&release_id=349396

This problem will also affect any software packages and/or websites that utilize the CPAINT toolkit.  We also suspect 
this problem affects other AJAX toolkits (as they are all very similar in the way they execute functions on the 
backend) and urge other AJAX toolkit authors and users to test for any security problems as well.

