Today's batch

7:59:

A File Upload issue was discovered in Dotclear through 2.11.2.
To exploit this vulnerability, someone must have a media-privilege account. In admin/media.php, the attacker can create a folder named “*.asp” or “*.asa”. In IIS 5.x/6.0, every file in the folder named “*.asp” or “*.asa” will be resolved as “asp”.

8:00:

An XSS issue was discovered in Dotclear through 2.11.2.
To exploit this vulnerability, someone must have an account that can use an editor to edit content. Dotclear has the dcCKEditor and dcLegacyEditor editors by default. When using them to edit content, the attacker can inject any JavaScript code into the content in source mode, leading to stored XSS.

I think this is the end of blogs :-D

Can't wait for tomorrow!
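
For the first report above, a server-side check on new media folder names would look like the following. This is an added example, not code from this post or from Dotclear; the function name `isSafeMediaDirName` and the sample names are hypothetical, and the blocked suffixes are the two the report names.

```php
<?php
declare(strict_types=1);

// Suffixes named in the report: on IIS 5.x/6.0 a directory ending in one of
// these makes every file inside it get handled as ASP.
const BLOCKED_DIR_SUFFIXES = ['asp', 'asa'];

/**
 * Hypothetical helper: true if $name is acceptable as a new media folder name.
 */
function isSafeMediaDirName(string $name): bool
{
    // Exactly one path component: no empty name, no traversal, no separators.
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    foreach (['/', '\\', "\0"] as $forbidden) {
        if (strpos($name, $forbidden) !== false) {
            return false;
        }
    }

    // Windows drops trailing dots and spaces when it creates a directory, so
    // "shots.asp. " would land on disk as "shots.asp". Check the name as it
    // will actually be stored.
    $stored = rtrim($name, '. ');
    if ($stored === '') {
        return false;
    }

    // Case-insensitive match on the final extension only.
    $ext = strtolower(pathinfo($stored, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_DIR_SUFFIXES, true);
}

// Constructed sample names, not taken from the report.
$samples = ['holiday-2017', 'shots.asp', 'Shots.ASA', 'shots.asp. ', 'a/b.asp', 'notes.aspx-old'];
foreach ($samples as $n) {
    printf("%-18s %s\n", var_export($n, true), isSafeMediaDirName($n) ? 'accept' : 'reject');
}
```

The check only matters where the media directory is served by IIS 5.x/6.0, the versions the report refers to.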
