qcred11
QUOTE


Hi, I'm Richard Ngo. This is the first time I report an
exploit, and I found a remote exploit that could allow
arbitrary code execution in CVStrac.

Sample exploit:


filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;w;


All versions vulnerable. I have not contacted
cvstrac.org since I can't find their email address.
Please give me credit for the exploit and *please don't
release the exploit code to the public* for other
websites' security. Maybe just create an advisory.
Thank you.

101
QUOTE

The problem has been patched in the CVS archive and
in version 1.1.4 of CVSTrac.