Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Solved -Several flaws in e-business designer (eBD)
From: "Joxean Koret" <joxeanpity () gmail com>
Date: Fri, 16 Jun 2006 19:33:29 +0200

The advisory talk about 3 vulnerabilities

1) File upload issues (related with your patch).

2) Sql injection and path disclosure.

3) Clear text autentication.

I can assume that sysadmin could force https by himself, but... really the
2nd vuln is not related with eBD?


On 6/16/06, Blanca Pons de Dalmases <bpons () oasyssoft com> wrote:

 A Bug in the eBD HTML editor has been discovered. It will allow an user
to modify the images of the /imgfiles folder (the files raised in the
option resources > images).

Oasyssoft, the producer, has installed the patch in all our servers, so
all MyeBD users are updated since the end of may.

Anyway, you will find here the emergency Patch instalation
http://lists.oasyssoft.com/ebd-devel/200605/binNr7awTFdvt.bin <http://>
for being installed at your servers. Althought this patch is for version
3.1.4, it is also available in all eBD versions.

The other mentioned vulnerabilities have no relation to eBD. System
Managers are in charge of configuring their servers in a secure way,
whether or not they are executing eBD .

If you require further information, please contact us at
ebd.soporte () oasyssoft com <http://>.

 Blanca Pons
bpons () oasyssoft com
Dir. Marketing y Comunicación
e-business designer
 C/ Sardenya 56 Local
08005 Barcelona
Tel: 902 181 349
Fax: 932 217 303
www.oasyssoft.com
2655 Le Jeune Rd. Suite 517
Coral Gables, FL 33134 United States
Phone: +1(305) 448 2148
Fax: +1(305) 448 0097
www.ebdsoft.com

eBD es un producto Oasyssoft
Este mensaje (así como los archivos adjuntos o los links que contiene)
puede contener información privilegiada o confidencial. Si no es usted el
destinatario indicado, queda notificado de que la utilización, divulgación
y/o copia sin autorización está prohibida en virtud de la legislación
vigente. Si ha recibido este mensaje por error, le rogamos que nos lo
comunique inmediatamente por esta misma vía y proceda a su destrucción.

This email (and any attachments or hyperlinks within it) may contain
information that is confidential, legally privileged or otherwise protected
from disclosure. If you are not the intended recipient of this email, you
are not entitled to use, disclose, distribute, copy, print, disseminate or
rely on this email in any way. If you have received this email in error,
please notify the sender immediately by telephone or email and destroy it,
and all copies of it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault